[Snort-users] third party utility to kill ...
mkettler at ...4108...
Thu Jan 31 10:42:03 EST 2002
The snort FAQ describes why trying to invoke an external process from an
IDS is a generally bad idea (hint: this creates a security hole that allows
your IDS to be bypassed by causing it to waste so much time invoking
processes it starts missing packets.).
Read the faq:
And yes, the FAQ mentions a bit about the speed of this on windows, but
it's not acceptably fast to do in *nix either.
At 04:18 PM 1/30/2002 -0600, Ronneil Camara wrote:
>I would like to kill a tcp connection other than making use of flexresp.
>I want to make use of tcpkill by Dugsong.
>Is there a way I can call this program once an alert, say web-iis cmd.exe,
>is sensed by snort, then snort is going to execute tcpkill -9 <target_ip>?
More information about the Snort-users