[Oisf-users] Flexresp or Active response for windows?

Rich Rumble richrumble at gmail.com
Thu May 8 21:54:31 UTC 2014


I see on the wiki Suricata can work with iptables, but does it have a
Windows equivalent?
The modern supported Windows OSes actually are configurable via CLI using
PowerShell, WMIC and netsh.exe, so the Windows firewalls could accept
commands similar to iptables, but perhaps not as robust a feature set.

Snort has Flexresp(3) and that works on Linux and Win32 still, it looks
like Suri may have Flexresp too? (see below)
https://doxygen.openinfosecfoundation.org/respond-reject-libnet11_8c.html

I have not tried any reset rules like these on Suricata yet but I will when
I get a minute:

alert tcp 192.168.1.2 any -> any 80 (content:"www.google.com"; msg:"NOT ALLOWED"; sid:1000008; rev:1; priority:1; resp:reset_source;)
alert ip any any -> any any (content:"www.yahoo.com"; msg:"not allowed access to yahoo.com please call MOATH KBJ"; priority:1; sid:10000089; rev:4; resp:reset_both;)
If they work I'll try to add them to the Wiki/docs as well.
-rich
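As an added example (not from the original post or the Suricata project), here is what the Windows side of such a hook could look like: a PowerShell script that tails Suricata's EVE JSON log and turns selected alerts into Windows Firewall block rules, the analogue of calling iptables from a Linux sensor. It assumes PowerShell 3+ with the NetSecurity module (Windows 8 / Server 2012+), an elevated session, and placeholder log path and sids.

```powershell
# Added example, not from the original post: host-firewall "active response"
# driven by Suricata's eve.json (one JSON object per line, event_type "alert",
# fields src_ip and alert.signature_id). Suricata's own in-line RST response is
# the 'reject' rule action; this script only covers the Windows firewall side.
# Assumptions: PowerShell 3+, NetSecurity module, run elevated; path and sids
# below are placeholders.
param(
    [string]  $EvePath    = 'C:\Program Files\Suricata\log\eve.json',
    [int[]]   $BlockSids  = @(1000008, 10000089),
    [string[]]$NeverBlock = @('10.0.0.0/8', '172.16.0.0/12', '192.168.0.0/16', '127.0.0.0/8'),
    [switch]  $Apply      # without -Apply the script only reports what it would block
)

# IPv4 dotted quad -> integer; multiplication avoids PowerShell's signed-shift quirks.
function ConvertTo-IPv4Int([string]$Ip) {
    $b = [System.Net.IPAddress]::Parse($Ip).GetAddressBytes()
    return ([uint64]$b[0] * 16777216) + ([uint64]$b[1] * 65536) + ([uint64]$b[2] * 256) + [uint64]$b[3]
}

# True when $Ip (IPv4) lies inside $Cidr; non-IPv4 addresses are treated as outside.
function Test-InCidr([string]$Ip, [string]$Cidr) {
    $addr = [System.Net.IPAddress]::Parse($Ip)
    if ($addr.AddressFamily -ne 'InterNetwork') { return $false }
    $net, $bits = $Cidr -split '/'
    $mask = [uint64]4294967296 - [uint64][math]::Pow(2, 32 - [int]$bits)
    return ((ConvertTo-IPv4Int $Ip) -band $mask) -eq ((ConvertTo-IPv4Int $net) -band $mask)
}

$handled = @{}   # addresses already decided on, so one noisy source creates one rule
Get-Content -Path $EvePath -Wait -Tail 0 | ForEach-Object {
    try { $ev = $_ | ConvertFrom-Json } catch { return }   # partial or non-JSON line: skip it
    if ($ev.event_type -ne 'alert' -or $BlockSids -notcontains [int]$ev.alert.signature_id) { return }
    $ip = [string]$ev.src_ip
    if ($handled.ContainsKey($ip)) { return }
    $handled[$ip] = $true
    foreach ($cidr in $NeverBlock) {   # never let a spoofed or misfiring rule cut off internal hosts
        if (Test-InCidr $ip $cidr) { Write-Warning "not blocking internal address $ip"; return }
    }
    $name = "Suricata block $ip"
    if (Get-NetFirewallRule -DisplayName $name -ErrorAction SilentlyContinue) { return }
    Write-Host "sid $($ev.alert.signature_id) '$($ev.alert.signature)': blocking $ip"
    if ($Apply) {
        # netsh equivalent: netsh advfirewall firewall add rule name="$name" dir=in action=block remoteip=$ip
        New-NetFirewallRule -DisplayName $name -Direction Inbound  -Action Block -RemoteAddress $ip | Out-Null
        New-NetFirewallRule -DisplayName $name -Direction Outbound -Action Block -RemoteAddress $ip | Out-Null
    }
}
```

Run it once without -Apply to confirm it only picks the addresses you expect; the rules it creates persist across reboots, so clear them with Remove-NetFirewallRule -DisplayName 'Suricata block <ip>' once the incident is closed.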