[Snort-users] Snort dropping packages. How to ?
ag-snort at ...7149...
Thu Oct 10 17:25:07 EDT 2002
you might want to take a look at 'resp' and or 'react'.
React has the ability to implement flexible reactions for traffic that
matches a given snort rule. I guess the main function your looking for
is 'block' .
Check section 2.3.22 for Resp and section 2.3.24 for React in the "Snort
hope it helps
armando at ...7138... wrote:
>I'm with a doubt in snort, if someone can help me. ;)
>I have snort.conf using several rules. One of this files is
>virus.rules, where i only have virus signatures. =]
>And this rules is working properly when a virus arrive (it detect
>virus and log).
>But i like that the snort didn't log only, i like that snort log and
>drop (delete) the package whith mismatch with a virus signature (based
>on virus.rules). :))
>How to do it ??
>Some idea ??
>Thkz a lot.
The secret to success is to start from scratch and keep on scratching.
More information about the Snort-users