OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
 
Re: [Snort-users] Attack Detection: Then what

From: M. Morgan (mikemorganmindspring.com)
Date: Fri Jan 23 2004 - 10:37:40 CST

I use snort for network insight and forensics and alerts mainly.
 
You may want to look at something like http://www.snortsam.net/ to get a bit more "Active" response.
 
As for your last question, sorry but I dont know the answer.


-----Original Message-----
From: Owais Bin Zuber
Sent: Jan 19, 2004 9:48 AM
To: snort-users@lists.sourceforge.net
Subject: [Snort-users] Attack Detection: Then what

<![endif]--> Clean Clean DocumentEmail MicrosoftInternetExplorer4 <![endif]--> <![endif]-->

Hi,

 

I am trying to implement snort at my network. I have read many documents regarding snort installation and configuration. All the documents tell you that snort will detect the attack, will log it and will send an alert to whatever is configured. The question remains that does snort block the attack itself or leaves this to the administrator. I have read about guardian but discussion on the mailing list revealed that using guardian is not a good idea as it can be used as DoS tool also. My question is that is it possible for snort to send TCP RST packet as a response.

 

Thanks

------------------------------------------------------- The SF.Net email is sponsored by EclipseCon 2004 Premiere Conference on Open Tools Development and Integration See the breadth of Eclipse activity. February 3-5 in Anaheim, CA. http://www.eclipsecon.org/osdn _______________________________________________ Snort-users mailing list Snort-users@lists.sourceforge.net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users