[Snort-users] third party utility to kill ...
ronneilc at ...4042...
Thu Jan 31 11:24:05 EST 2002
Granted. So, what's your approach then?
-> -----Original Message-----
-> From: Matt Kettler [mailto:mkettler at ...4108...]
-> Sent: Thursday, January 31, 2002 12:43 PM
-> To: Ronneil Camara; snort-users at lists.sourceforge.net
-> Subject: Re: [Snort-users] third party utility to kill ...
-> The snort FAQ describes why trying to invoke an external
-> process from an
-> IDS is a generally bad idea (hint: this creates a security
-> hole that allows
-> your IDS to be bypassed by causing it to waste so much time invoking
-> processes it starts missing packets.).
-> Read the faq:
-> And yes, the FAQ mentions a bit about the speed of this on
-> windows, but
-> it's not acceptably fast to do in *nix either.
-> At 04:18 PM 1/30/2002 -0600, Ronneil Camara wrote:
-> >I would like to kill a tcp connection other than making use
-> of flexresp.
-> >I want to make use of tcpkill by Dugsong.
-> >Is there a way I can call this program once an alert, say
-> web-iis cmd.exe,
-> >is sensed by snort, then snort is going to execute tcpkill
-> -9 <target_ip>?
More information about the Snort-users