[Snort-users] Flex-Response, anyone using it?

Paul Schmehl pauls at ...6838...
Wed May 19 13:05:02 EDT 2004


--On Wednesday, May 19, 2004 10:07:45 AM -0500 Dusty Hall 
<halljer at ...8709...> wrote:

> I'm curious to know how many people, if any, are using Flex-Response and
> what kind of results they have seen?  I've been using it for some P2P
> rules but haven't actually tested it from the client.  Any information
> would be greatly appreciated.
>
There's been a lot of discussion on this list about not depending upon 
flexresp to do much for you.

Having said that, I can tell you from personal experience that it will 
completely prevent communication between two smtp servers.

So I would say it works pretty well.  Whether or not it will actually 
prevent an attack, I can't say from personal experience, but I *can* tell 
you it will irritate the hell out of an admin trying to track down a failed 
connections problem.  :-)

And yes, we still use it.

Paul Schmehl (pauls at ...6838...)
Adjunct Information Security Officer
The University of Texas at Dallas
AVIEN Founding Member
http://www.utdallas.edu/ir/security/




More information about the Snort-users mailing list