RE: CRIME Checkpoint versus Sonicwall

From: brvarin@private
Date: Wed Aug 28 2002 - 15:34:05 PDT


    Snort has the option to do Active Response if that's what you mean by
    integrated response. When you compile the initial package, include the
    --enable-flexresp and it will have the ability. You also have to tell each
    signature what to do.
    
    Plug the "resp: xxxxx" into the signature and it'll respond in a variety of
    ways.
    
    This is actually one of my bigger complaints with Snort. As capable as it
    is, it has no integrated response capabilities other than to shoot off
    alerts. You'd have to custom build a response mechanism for it,
    which isn't easy.
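
An added example (not part of the original message and not Snort project code): since each signature has to be told what to do, this Python audit lists which rules in a rule file carry a `resp` option and whether its modifiers are ones flexresp accepts. The sample rules, addresses and sids are constructed, and `audit_rules` is a hypothetical helper name.

```python
import re

# Modifiers the flexresp "resp" rule option accepts.
VALID_RESP = {"rst_snd", "rst_rcv", "rst_all",
              "icmp_net", "icmp_host", "icmp_port", "icmp_all"}

# Constructed sample rules (addresses and sids are made up for this example).
SAMPLE_RULES = r'''
# local test rules
alert tcp any any -> 192.168.1.0/24 23 (msg:"telnet attempt"; flags:S; resp:rst_all; sid:1000001;)
alert tcp any any -> 192.168.1.0/24 21 (msg:"ftp login; root"; content:"USER root"; sid:1000002;)
alert udp any any -> 192.168.1.0/24 69 (msg:"tftp request"; resp:icmp_port,icmp_host; sid:1000003;)
alert tcp any any -> 192.168.1.0/24 80 (msg:"mistyped modifier"; resp:reset_all; sid:1000004;)
'''

# One "keyword:value;" option; a quoted value may itself contain ';'.
OPTION_RE = re.compile(r'\s*(\w+)\s*(?::\s*("(?:\\.|[^"\\])*"|[^;]*))?\s*;')


def audit_rules(text):
    """Return (sid, protocol, status, modifiers) for every rule in text."""
    report = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue  # skip blanks and comments
        header, _, body = line.partition("(")
        proto = header.split()[1]
        opts = {}
        for m in OPTION_RE.finditer(body.rsplit(")", 1)[0]):
            opts.setdefault(m.group(1), []).append((m.group(2) or "").strip())
        sid = opts.get("sid", ["?"])[0]
        mods = [x.strip() for v in opts.get("resp", []) for x in v.split(",")]
        if not mods:
            status = "alert-only"        # no resp option: the rule only alerts
        elif any(x not in VALID_RESP for x in mods):
            status = "invalid-modifier"  # resp present but not a known modifier
        else:
            status = "active-response"
        report.append((sid, proto, status, mods))
    return report


if __name__ == "__main__":
    for sid, proto, status, mods in audit_rules(SAMPLE_RULES):
        print(f"sid {sid:<8} {proto:<4} {status:<17} {','.join(mods)}")
```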
    



    This archive was generated by hypermail 2b30 : Wed Aug 28 2002 - 16:16:40 PDT