[Snort-users] Snort dropping packages. How to ?

Alberto Gonzalez ag-snort at ...7149...
Thu Oct 10 17:25:07 EDT 2002


you might want to take a look at 'resp' and or 'react'.

React has the ability to implement flexible reactions for traffic that 
matches a given snort rule. I guess the main function your looking for 
is 'block' .

Check section 2.3.22 for Resp and section 2.3.24 for React in the "Snort 
Users Manual".

hope it helps

    - Albert

armando at ...7138... wrote:

>Hi Guys,
>
>I'm with a doubt in snort, if someone can help me. ;)
>
>I have snort.conf using several rules. One of this files is
>virus.rules, where i only have virus signatures. =]
> 
>And this rules is working properly when a virus arrive (it detect
>virus and log).
> 
>But i like that the snort didn't log only, i like that snort log and
>drop (delete) the package whith mismatch with a virus signature (based
>on virus.rules). :))
>
>How to do it ??
>
>Some idea ??
>
>Thkz a lot.
>
>Best Regards.
>
>[ ]'s
>
-- 
The secret to success is to start from scratch and keep on scratching.






More information about the Snort-users mailing list