|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
From: Alberto Gonzalez (ag-snort_at_cerebro.violating.us)
Date: Thu Oct 10 2002 - 22:23:36 CDT
you might want to take a look at 'resp' and or 'react'.
React has the ability to implement flexible reactions for traffic that
matches a given snort rule. I guess the main function your looking for
is 'block' .
Check section 2.3.22 for Resp and section 2.3.24 for React in the "Snort
Users Manual".
hope it helps
- Albert
armando
hadrion.com.br wrote:
>Hi Guys,
>
>I'm with a doubt in snort, if someone can help me. ;)
>
>I have snort.conf using several rules. One of this files is
>virus.rules, where i only have virus signatures. =]
>
>And this rules is working properly when a virus arrive (it detect
>virus and log).
>
>But i like that the snort didn't log only, i like that snort log and
>drop (delete) the package whith mismatch with a virus signature (based
>on virus.rules). :))
>
>How to do it ??
>
>Some idea ??
>
>Thkz a lot.
>
>Best Regards.
>
>[ ]'s
>
-- The secret to success is to start from scratch and keep on scratching.------------------------------------------------------- This sf.net email is sponsored by:ThinkGeek Welcome to geek heaven. http://thinkgeek.com/sf _______________________________________________ Snort-users mailing list Snort-users
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]