mkettler at ...4108...
Mon Feb 16 14:09:10 EST 2004
At 11:16 AM 2/16/2004,
Israel_Guadalupe_Lopez_Mascorro../Administracion/Jalisco at ...11223... wrote:
>Hi I would like to know if with snort or some plug I can block attacks or
For viruses, I'd really recommend NOT using snort to control these...
install a copy of clamav or some other virus scanner on your SMTP gateway
and make all mail go through it.
For attacks, there are 3 different tools that expand snort to have blocking
capability, with different limitations and degrees of capability:
-not 100% reliable, but comes with snort, all you need is
--with-flexresp for your config. Relies on attempting to desynchronize or
reset TCP connections, or using ICMP error messages to make one or both
systems give up on the conversation.
- linux kernel specific at the moment, but does true kernel-level
firewall interaction as packets arrive.
- supports a wide variety of firewalls, but acts slightly after
the fact. This means the packet that contained the trigger gets passed, but
subsequent packets will get blocked, limiting the impact of the exposure.