FW: [Snort-users] Flex-Response, anyone using it?
pauls at ...6838...
Thu May 20 13:22:06 EDT 2004
--On Wednesday, May 19, 2004 04:37:17 PM -0400 IDont ThinkSo
<billygates_sux at ...125...> wrote:
> Flexresp works well, as all it needs to do is send out a reset packet
> (or icmp unreachable or such) if a certain condition is met. And yes, if
> you write a rule to send a reset packet when syn packet on port 25
> arrives it will send one out and block the connection.
Of course I never wrote such a rule, nor did I ever say that I wrote such a
rule, but you're entitled to speculate, I suppose.
> should not use flexresp with normal snort smtp rules, as mail servers do
> not like connections being reset while it is receiving a msg.
Well, that's sort of a "Doh!", isn't it!
> As paul
> only uses this only to torment admins with less knowledge than him (I
> don't know how that is possible) he cannot testify to its use in a real
> environment. If they were smarter they might just track his ass down and
> beat him senselessly.
I never wrote any rules to "torment admins" nor did I ever say that I wrote
any rules to torment admins. Again, I suppose you're entitled to speculate
to your heart's content, but try not to attribute to me things that I've
I'll let the readers decide who has more credibility - someone who posts
under their own name or someone who posts pseudo-anonymously.
Paul Schmehl (pauls at ...6838...)
Adjunct Information Security Officer
The University of Texas at Dallas
AVIEN Founding Member
More information about the Snort-users