What about the "'Flexible Response' code, that allows you to cancel hostile connections on IP-level when a rule matches."?
Say I want to not allow any packets on port 25 to have ".scr" in plain text. I write the rule and it gets prevented. Isn't this preventive? > Intrusion Detection systems are designed to detect intrusions. Period. _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
