[Snort-users] send reset packet
saad at ...4401...
Thu Jan 2 20:27:12 EST 2003
On Fri, Jan 03, 2003 at 10:40:18AM +0700, Anthony Liberty wrote:
> Hi , as a newbie , i'm quite confused on how snort works
> * Anybody know how , to write snort rules to make it send a reset
> packet to unwanted connection. For example , my linux server box should only
> be telnet from my laptop. So when there is a telnet connection request from
> other PC to my linux server box , snort box should send a reset packet.
> I'm experienced in ISS Real Secure IDS. This box can be configured as an
> active NIDS.
> please pointing me.
get a look at flexresp and the 'react' keyword. flexresp is still
considered _alpha_ code so testing is needed.
using flexresp is explained in docs/README.FLEXRESP included in the
Saad Kadhi -- [saad at ...4401...] [saad.kadhi at ...7831...]
[pgp keyid: 35592A6D http://pgp.mit.edu]
[pgp fingerprint: BF7D D73E 1FCF 4B4F AF63 65EB 34F1 DBBF 3559 2A6D]
More information about the Snort-users