[Snort-users] Flex-Response, anyone using it?
j.riden at ...11179...
Thu May 20 12:53:18 EDT 2004
<CGhercoias at ...8619...> writes:
> Here you go:
> alert any $EXTERNAL_NET any -> $HOME_NET 25 ( sid: 1000589; rev: 1; msg:
> "Drop Email -- Waste of time"; content: "billygates_sux at ...125...";
> content: "IDont ThinkSo"; resp: rst_snd,icmp_all; classtype:
Incidentally, this is a great example of how not to use snort - much
better to drop the message at the MUA, or on the MX if it's a
That's one of the dangers of using flexresp - you've got a big hammer
so you're tempted to go looking for things that look like nails.
James Riden / j.riden at ...11179... / Systems Security Engineer
Information Technology Services, Massey University, NZ.
GPG public key available at: http://www.massey.ac.nz/~jriden/
More information about the Snort-users