FW: [Snort-users] Flex-Response, anyone using it?

Paul Schmehl pauls at ...6838...
Thu May 20 13:22:06 EDT 2004


--On Wednesday, May 19, 2004 04:37:17 PM -0400 IDont ThinkSo 
<billygates_sux at ...125...> wrote:
>
>    Flexresp works well, as all it needs to do is send out a reset packet
> (or ICMP unreachable or such) if a certain condition is met.  And yes, if
> you write a rule to send a reset packet when a SYN packet on port 25
> arrives it will send one out and block the connection.

Of course I never wrote such a rule, nor did I ever say that I wrote such a 
rule, but you're entitled to speculate, I suppose.

> HOWEVER, you
> should not use flexresp with normal Snort SMTP rules, as mail servers do
> not like connections being reset while they are receiving a msg.

Well, that's sort of a "Doh!", isn't it!

>  As Paul
> only uses this to torment admins with less knowledge than him (I
> don't know how that is possible) he cannot testify to its use in a real
> environment.  If they were smarter they might just track his ass down and
> beat him senselessly.
>
I never wrote any rules to "torment admins" nor did I ever say that I wrote 
any rules to torment admins.  Again, I suppose you're entitled to speculate 
to your heart's content, but try not to attribute to me things that I've 
never said.

I'll let the readers decide who has more credibility - someone who posts 
under their own name or someone who posts pseudo-anonymously.

Paul Schmehl (pauls at ...6838...)
Adjunct Information Security Officer
The University of Texas at Dallas
AVIEN Founding Member
http://www.utdallas.edu/ir/security/
