[Snort-users] Swen.A results with Snort-inline (protocol anomaly detection)

Jason Haar Jason.Haar at ...294...
Thu Sep 25 17:59:19 EDT 2003

On Thu, Sep 25, 2003 at 09:45:57PM +0100, pieter claassen wrote:
> However, this raised another question. All the snort plugins are focused
> on detection. In this specific case, it would have been great to have a
> snort plugin that could partake in the SMTP conversation and bring the
> line down a little bit more gracefully (eg. remember the message id of

There's already some precedent for that - Snort already has code for doing
"HTTP Resets" for want of a better word - the "react" function.

However, although I too make good use of some of Snort's antivirus
functionality (the SMB rules), the real way of dealing with viruses and
trojans is with an antivirus package - not an IDS. Network scanner-based
technology will NEVER be able to replace AV systems...


Jason Haar
Information Security Manager, Trimble Navigation Ltd.
Phone: +64 3 9635 377 Fax: +64 3 9635 417
PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F 8422 C063 5EBB FE1D 66D1
