[Snort-users] Flex-Response, anyone using it?
pauls at ...6838...
Wed May 19 13:05:02 EDT 2004
--On Wednesday, May 19, 2004 10:07:45 AM -0500 Dusty Hall
<halljer at ...8709...> wrote:
> I'm curious to know how many people, if any, are using Flex-Response and
> what kind of results they have seen? I've been using it for some P2P
> rules but haven't actually tested it from the client. Any information
> would be greatly appreciated.
There's been a lot of discussion on this list about not depending upon
flexresp to do much for you.
Having said that, I can tell you from personal experience that it will
completely prevent communication between two smtp servers.
So I would say it works pretty well. Whether or not it will actually
prevent an attack, I can't say from personal experience, but I *can* tell
you it will irritate the hell out of an admin trying to track down a failed
connections problem. :-)
And yes, we still use it.
Paul Schmehl (pauls at ...6838...)
Adjunct Information Security Officer
The University of Texas at Dallas
AVIEN Founding Member
More information about the Snort-users