[Snort-users] i can't block sites with Snort

Matt Kettler mkettler at ...4108...
Thu Aug 1 09:08:15 EDT 2002


Probably what you want is a flexresp enabled build and resp: rst_all. not 
react: block

http://www.snort.org/docs/writing_rules/chap2.html#tth_sEc2.3.22

That said, snort, even with flexresp, is *not* intended for use as a 
firewall. It is intended to be used as a last-ditch effort to abort a 
connection. Due to the nature of  what flexresp is, it cannot work 100% of 
the time, particularly for low-latency links.




At 04:14 AM 8/1/2002 -0700, funky wrote:

>/*
>Snort Users Manual Page 15:
>
>resp : active reponse (knockdown connections)
>react : active reponse (block web sites)
>*/
>
>So can't i use these options? They exist in Snort's
>manual .
>
>thanx
>
>funky
>
>
>
>--- Roberto Suarez Soto <robe at ...3881...> wrote:
> > On Aug/01, funky wrote:
> >
> > > Like that when i run snort, it didn't block the
> > sites,
> >
> >       Snort doesn't block anything, it just alerts of the
> > incidents. You'll
> > have to search for another program to block the
> > sites.
> >
> > --
> > Roberto Suarez Soto                                   Alfa21 Outsourcing
> >     robe at ...3881...                                http://www.alfa21.com
> >
> >
> >
>-------------------------------------------------------
> > This sf.net email is sponsored by:ThinkGeek
> > Welcome to geek heaven.
> > http://thinkgeek.com/sf
> > _______________________________________________
> > Snort-users mailing list
> > Snort-users at lists.sourceforge.net
> > Go to this URL to change user options or
> > unsubscribe:
> >
>https://lists.sourceforge.net/lists/listinfo/snort-users
> > Snort-users list archive:
> >
>http://www.geocrawler.com/redir-sf.php3?list=snort-users
>
>
>__________________________________________________
>Do You Yahoo!?
>Yahoo! Health - Feel better, live better
>http://health.yahoo.com
>
>
>-------------------------------------------------------
>This sf.net email is sponsored by:ThinkGeek
>Welcome to geek heaven.
>http://thinkgeek.com/sf
>_______________________________________________
>Snort-users mailing list
>Snort-users at lists.sourceforge.net
>Go to this URL to change user options or unsubscribe:
>https://lists.sourceforge.net/lists/listinfo/snort-users
>Snort-users list archive:
>http://www.geocrawler.com/redir-sf.php3?list=snort-users





More information about the Snort-users mailing list