Snort mailing list archives
Re: Newbie questions, Snort on NT, stealth mode vs react/flexresp
From: "Dave Thornburgh" <dave_thornburgh () hotmail com>
Date: Wed, 9 Oct 2002 13:23:25 -0700
John - Thanks for the file. In the extracted folder I've got (the NT version), there is absolutely NO documentation.

Everyone else: While John did get me the M to RTF, it is extremely sparse, and doesn't begin to address the interaction of flexresp with stealth sniffing. Is anybody out there using it yet? Or, from another angle, does anybody know if it's possible to transmit packets from an interface that has no IP address assigned?

Thanks,
Dave

----- Original Message -----
From: "Hicks, John"
To: "'Dave Thornburgh'"
Sent: Wednesday, October 09, 2002 12:16 PM
Subject: RE: [Snort-users] Newbie questions, Snort on NT, stealth mode vs react/flexresp

README.FLEXRESP should be in the root of the extracted snort folder. I have included it for you just in case :) I haven't used it for real yet, so I can't help you there :( I even converted the file from Unix to DOS for you.

hth,
John

-----Original Message-----
From: Dave Thornburgh [mailto:dave_thornburgh () hotmail com]
Sent: Wednesday, October 09, 2002 2:33 PM
To: Snort-users () lists sourceforge net
Subject: [Snort-users] Newbie questions, Snort on NT, stealth mode vs react/flexresp

Hello all.

I'm in the investigation/learning phase. Soon I'll be implementing a firewalled internet connection for my company, email server in the DMZ, Snort sensors at a couple of key spots - the whole kit & caboodle. I think I'm getting a pretty good grasp of Snort basics, or at least as much as I can without actually building the boxes & putting them through their paces. I'm planning on running Snort on NT, until I get the firewall stuff under control and dive back into *nix.

I am a little confused about the "react" option and the flexresp module, especially as it relates to running Snort on a stealthed interface. If there is no stack running for the interface, can flexresp still transmit the reset packets? Although I'm far from being an expert, that just didn't seem possible to me. Or, if I want to use stealth, do I need to give up on using react?

Also, I tried searching the mailing list archives for similar questions, and saw a couple of responses along the lines of "read the flexresp README and all will be clear". My problem is, I searched www.snort.org a couple of times, and cannot find a README for flexresp. Does anybody know if this would be found elsewhere on the net?

Thanks,
Dave

-------------------------------------------------------
This sf.net email is sponsored by: ThinkGeek
Welcome to geek heaven.
http://thinkgeek.com/sf
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- Newbie questions, Snort on NT, stealth mode vs react/flexresp Dave Thornburgh (Oct 09)
- <Possible follow-ups>
- Re: Newbie questions, Snort on NT, stealth mode vs react/flexresp Dave Thornburgh (Oct 09)
- Re: Newbie questions, Snort on NT, stealth mode vs react/flexresp Dragos Ruiu (Oct 09)
- Re: Newbie questions, Snort on NT, stealth mode vs react/flexresp Frank Knobbe (Oct 09)
- Re: Newbie questions, Snort on NT, stealth mode vs react/flexresp Dragos Ruiu (Oct 09)
