[Snort-users] Can't seem to compile with --enable-flexresp on RedHat 9
mkettler at ...4108...
Fri Jul 16 13:55:08 EDT 2004
At 04:40 PM 7/16/2004, Rhugga wrote:
>Okay thanks all. What exactly does flexible response allow me to do that I
>can't do with snort by default? (as I understand snort can execute scripts
>based on matches and with scripts can't you do everything????)
No, snort can't execute scripts. It never has been able to, and never will.
Process invokation is a fundamentaly slow process, something that would bog
snort down for so long that it could miss thousands of packets in the interim.
Use logwatchers to execute scripts, not snort.
Flexresp enables snort to send TCP reset packets and ICMP unreachable
messages to attempt to cause the client and/or server in a communication
session to close the sessions and not accept further data.
More information about the Snort-users