[Snort-users] send reset packet

Saad Kadhi saad at ...4401...
Thu Jan 2 20:27:12 EST 2003


On Fri, Jan 03, 2003 at 10:40:18AM +0700, Anthony Liberty wrote:
> Hi , as a newbie , i'm quite confused on how snort works 
> *	Anybody know how , to write snort rules to make it send a reset
> packet to unwanted connection. For example , my linux server box should only
> be telnet from my laptop. So when there is a telnet connection request from
> other PC to my linux server box , snort box should send a reset packet.
> 
> I'm experienced in ISS Real Secure IDS. This box can be configured as an
> active NIDS.
> 
> please pointing me.
get a look at flexresp  and  the  'react'  keyword.  flexresp  is  still
considered _alpha_ code so testing is needed.

using flexresp is explained  in  docs/README.FLEXRESP  included  in  the
source tarball.

hth
-- 
Saad Kadhi -- [saad at ...4401...] [saad.kadhi at ...7831...]
[pgp keyid: 35592A6D http://pgp.mit.edu]
[pgp fingerprint: BF7D D73E 1FCF 4B4F AF63  65EB 34F1 DBBF 3559 2A6D]
---




More information about the Snort-users mailing list