[Snort-users] Can't seem to compile with --enable-flexresp on RedHat 9
snort-list at ...12135...
Fri Jul 16 15:09:03 EDT 2004
Matt Kettler wrote:
> At 04:40 PM 7/16/2004, Rhugga wrote:
>> Okay thanks all. What exactly does flexible response allow me to do
>> that I can't do with snort by default? (as I understand snort can
>> execute scripts based on matches and with scripts can't you do
> No, snort can't execute scripts. It never has been able to, and never
> will. Process invokation is a fundamentaly slow process, something
> that would bog snort down for so long that it could miss thousands of
> packets in the interim.
> Use logwatchers to execute scripts, not snort.
> Flexresp enables snort to send TCP reset packets and ICMP unreachable
> messages to attempt to cause the client and/or server in a
> communication session to close the sessions and not accept further data.
Ahhh... I thought I read that snort can log to syslog and optionally run
scripts. Cool thanks for the info..
More information about the Snort-users