[Snort-users] Can't seem to compile with --enable-flexresp on RedHat 9

Rhugga snort-list at ...12135...
Fri Jul 16 15:09:03 EDT 2004


Matt Kettler wrote:

> At 04:40 PM 7/16/2004, Rhugga wrote:
>
>> Okay thanks all. What exactly does flexible response allow me to do 
>> that I can't do with snort by default? (as I understand snort can 
>> execute scripts based on matches and with scripts can't you do 
>> everything????)
>
>
> No, snort can't execute scripts. It never has been able to, and never 
> will. Process invokation is a fundamentaly slow process, something 
> that would bog snort down for so long that it could miss thousands of 
> packets in the interim.
>
> Use logwatchers to execute scripts, not snort.
>
>
> Flexresp enables snort to send TCP reset packets and ICMP unreachable 
> messages to attempt to cause the client and/or server in a 
> communication session to close the sessions and not accept further data.
>
>
Ahhh... I thought I read that snort can log to syslog and optionally run 
scripts. Cool thanks for the info..

-Rhugga




More information about the Snort-users mailing list