[Snort-users] some basic questions
bsdguy at ...1472...
Wed Oct 3 23:52:03 EDT 2001
On Wed, 2001-10-03 at 18:56, Rob Collins wrote:
> Since the IDS and Firewall are seperate, the firewall
> may pass the matched packet on to the internal host.
> Snort has now way of stopping this (??). Does sending
> forged RST packets (or icmp X unreachable) from the
> IDS reset the connection, is this what Snort is doing?
dunno about Snort. But at least this is what RealSecure is doing. Si I
guess it's about the same w/ Snort.
[put your signature here]
self-customize-sig(tm). another dumb patent...
More information about the Snort-users