[Snort-users] How to make flexresp respond on all existing rules ?
radamson at ...2127...
Thu Jul 10 18:42:09 EDT 2003
Yes, you have to edit each rule that you'd like flexresp to respond to, "and"
tell flexresp exactly how you want it to respond.
Hopefully you've read the archives to know that flexresp can lead you into
a false sense of security as not all intruders actually listen for whatever
flexresp might be sending. Also, unless you understand exactly how each of
your applications/systems might respond to a flexresp packet, you're likely
to assume things that aren't correct. Be carefull.
> Do I manually have to edit all rules that I want a flexresp response for (by inserting
> the string "resp:rst_all"), or is there a way to make snort make a flexresp response on any
> alerts (without editing the rules) ?
More information about the Snort-users