[Snort-users] using flex response to block auto updates of client software

Glenn Forbes Fleming Larratt glratt at ...604...
Wed Jan 9 07:50:06 EST 2002

Um...why use flex response as opposed to simply blocking the traffic
from the external host or hosts, using whatever firewall or other
access control you have at your site? What you want to do seems more
a firewall than an IDS task.


On Wed, 9 Jan 2002, Madhav Diwan wrote:

>  I would like to put an IDS in place on a proxy server that handles
> mainly tcp connections from several clients to a external service
> provider running a tcp server over nonstandard ports.

More information about the Snort-users mailing list