[Snort-users] using flex response to block auto updates of clientsoftware
mdiwan at ...200...
Wed Jan 9 09:01:13 EST 2002
I need to use snort to look at the packet content and block on that . I
cant simply block a port because the ports are in use for regular client
tasks ( ususally) and the updates may or may not go though them ..theres
no way to tell yet.
I would love to block the updates just using port blocking on my
firewalls there .. but i cant block ports without making the software
useless. This is where both snort's IDS and sniffing functions come to
> Glenn Forbes Fleming Larratt wrote:
> Um...why use flex response as opposed to simply blocking the traffic
> from the external host or hosts, using whatever firewall or other
> access control you have at your site? What you want to do seems more
> a firewall than an IDS task.
> On Wed, 9 Jan 2002, Madhav Diwan wrote:
> > I would like to put an IDS in place on a proxy server that handles
> > mainly tcp connections from several clients to a external service
> > provider running a tcp server over nonstandard ports.
> Snort-users mailing list
> Snort-users at lists.sourceforge.net
> Go to this URL to change user options or unsubscribe:
> Snort-users list archive:
More information about the Snort-users