Project

General

Profile

Actions
Copy link

Feature #609

open

Active Response in inline mode (like react in snort 2.9+)

Added by Dmitry Vlasov over 11 years ago. Updated about 5 years ago.

Status:
New
Priority:
Normal
Assignee:
Community Ticket
Target version:
TBD
Effort:
high
Difficulty:
medium
Label:

Description

Rule option keyword that enables sending an HTML page on a session and then resetting it

Example rule:
drop tcp any any -> any 80 (msg:"http://bad.url"; content:"Host: bad.url"; react: msg; sid:283; rev:1;)

http://manual.snort.org/node26.html#SECTION003114000000000000000

Actions
Copy link

Also available in: Atom PDF