On 10 Apr 2002 at 10:53, Clifford Thurber wrote: > I would like to know how you are using Snort to close or deny ports? The > last I checked Snort was an IDS used for logging and alerting?
Take a look at the "react" rule option ( http://www.snort.org/docs/writing_rules/chap2.html#tth_sEc2.3.24 ) >From that page: "The Flex Resp code allows Snort to actively close offending connections and/or send a visible notice to the browser (warn modifier available soon)." Currently only appears to support the "block" argument which AFAIK will respond to the packets as if the destination had closed the connection (I haven't actually tried this yet as I run Snort on Win32 and the version I'm using doesn't support this, I really must upgrade it). Dan --- D.C. Crichton email: [EMAIL PROTECTED] Senior Systems Analyst tel: +44 (0)121 706 6000 Computer Manuals Ltd. fax: +44 (0)121 606 0477 Computer book info on the web: http://computer-manuals.co.uk/ Want to earn money? Join our affiliate network! http://computer-manuals.co.uk/affiliate/ _______________________________________________ Firewalls mailing list [EMAIL PROTECTED] http://lists.gnac.net/mailman/listinfo/firewalls
