The Bro distribution includes a program called rst that will terminate
a active connection by sending a TCP "reset" packet to the sender. The
ftp and login analyzers will automatically call reset if the following
flag is defined in your site/site.local.bro file:
redef activate_rst = 1;
(Note: this is currently not implemented! Coming soon)
All connections from a forbidden_id get terminated, as well as any service
defined in terminate_successful_inbound_service. For example, to terminate all successful attempts
to access the RPC portmapper via TCP from an external network, you would add this:
redef terminate_successful_inbound_service += {
[111/tcp] = "disallow external portmapper"
};