[Snort-users] using flex response to block auto updates of clientsoftware

Madhav Diwan mdiwan at ...200...
Wed Jan 9 09:01:13 EST 2002


I need to use snort to look at the packet content and block on that . I
cant simply block a port because the ports are in use for regular client
tasks ( ususally) and the updates may or may not go though them ..theres
no way to tell yet.

I would love to block the updates just using port blocking on my
firewalls there .. but i cant block ports without making the software
useless. This is where both snort's IDS and sniffing functions come to
play together.

Madhav.


> Glenn Forbes Fleming Larratt wrote:
> 
> Um...why use flex response as opposed to simply blocking the traffic
> from the external host or hosts, using whatever firewall or other
> access control you have at your site? What you want to do seems more
> a firewall than an IDS task.
> 
>         -g
> 
> On Wed, 9 Jan 2002, Madhav Diwan wrote:
> 
> >  I would like to put an IDS in place on a proxy server that handles
> > mainly tcp connections from several clients to a external service
> > provider running a tcp server over nonstandard ports.
> 
> _______________________________________________
> Snort-users mailing list
> Snort-users at lists.sourceforge.net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://www.geocrawler.com/redir-sf.php3?list=snort-users




More information about the Snort-users mailing list