[Snort-users] some basic questions

Saad Kadhi bsdguy at ...1472...
Wed Oct 3 23:52:03 EDT 2001


On Wed, 2001-10-03 at 18:56, Rob Collins wrote:
[huge snip]
> Since the IDS and Firewall are seperate, the firewall
> may pass the matched packet on to the internal host. 
> Snort has now way of stopping this (??).  Does sending
> forged RST packets (or icmp X unreachable) from the
> IDS reset the connection, is this what Snort is doing?
dunno about Snort. But at least this is what RealSecure is doing. Si I
guess it's about the same w/ Snort. 
 
-- 
/saad
[put your signature here]
self-customize-sig(tm). another dumb patent...
nodisclaimer





More information about the Snort-users mailing list