From: Alberto Gonzalez (ag-snort_at_cerebro.violating.us)
Date: Thu Oct 10 2002 - 22:53:13 CDT


    Actually, be careful when playing with resp and react. You might want to
    also take a look at snort-inline (haven't played with it, seems cool), or
    hogwash.

    hope it helps

        - Albert

    Alberto Gonzalez wrote:

    > You might want to take a look at 'resp' and/or 'react'.
    >
    > React has the ability to implement flexible reactions for traffic that
    > matches a given snort rule. I guess the main function you're looking for
    > is 'block'.
    >
    > Check section 2.3.22 for Resp and section 2.3.24 for React in the
    > "Snort Users Manual".
    >
    > hope it helps
    >
    > - Albert
    >
    > armandohadrion.com.br wrote:
    >
    >> Hi Guys,
    >>
    >> I have a doubt about snort, if someone can help me. ;)
    >>
    >> I have snort.conf using several rules. One of these files is
    >> virus.rules, where I only have virus signatures. =]
    >>
    >> And these rules are working properly when a virus arrives (it detects
    >> the virus and logs).
    >>
    >> But I would like snort not to only log; I would like snort to log and
    >> drop (delete) the package which mismatches with a virus signature (based
    >> on virus.rules). :))
    >>
    >> How to do it ??
    >>
    >> Some idea ??
    >>
    >> Thkz a lot.
    >>
    >> Best Regards.
    >>
    >> [ ]'s
    >>

    -- 
    The secret to success is to start from scratch and keep on scratching.
    

    Snort-users mailing list: https://lists.sourceforge.net/lists/listinfo/snort-users