grantp at ...5057...
Fri Feb 22 14:10:10 EST 2002
If the snort sensor is not serving as a GW it should be located on a
segment or mirrored port through which it can view the connections you
would like to RST. Snort is not modifying the data 'in-flight', it is
sending an RST with spoofed source addr and sequence.
Have a look at README.FLEXRSP for additional info.
>I built snort machine with mysql support.I didn't include flexresp. I just
>wonder-can I use flexresp if machine is not a default gateway for the
>network? If it is not the dg, then how it will reset some connections and
>prevent them from getting inside the network?
>Snort-users mailing list
>Snort-users at lists.sourceforge.net
>Go to this URL to change user options or unsubscribe:
>Snort-users list archive:
More information about the Snort-users