[Snort-users] Flex-Response, anyone using it?
security at ...5028...
Thu May 20 11:51:01 EDT 2004
James Riden wrote:
> Jason <security at ...5028...> writes:
>>It will be a few weeks before I can get around to testing it for this
>>case so if anyone wants to give it a try and confirm functionality
>>"that would be great".
This is because your management interface is on a network that can route
the forged packets to the destination. The case I was referring to is
using this method to inject traffic onto the wire in the same location
as the sensing interface or into a location where the forged packets can
be handled properly, thus ensuring there is a routable destination.
I think it might also give a better chance of resetting the connection
before the offending packet reaches the destination.
Like in this network
| <-- DMZ Sensor
| | |
Firewall | |
| | | <--- dedicated mgmt
|<-- inject |
> It just seemed to work OK out of the box, with minimal fiddling. No
> traffic is appearing on the wrong interfaces, etc.
>>Don't forget... When you report your test results back to the list do
>>not forget that the TPS report has a new format, didn't you read the
> Er, sorry?
Every time I hear or say "that would be great" I am obligated to make a
reference to the TPS report from the movie Office Space.