Snort mailing list archives
flexresp
From: Ramin Alidousti <ramin () cannon eng us uu net>
Date: Mon, 10 Sep 2001 14:55:52 -0400
Hi IDS guru's, I'm still having problem with flexresp. It simply seems not to be working. I've one simple rule: alert tcp $EXTERNAL_NET any -> $TEST_HOST 22 (msg:"KILL SESSION";flags: S; resp:rst_all;) I run snort in foreground. And when I try to ssh to TEST_HOST I get the following and my ssh session is not being reset: *) Critical: SendTCPRST: libnet_write_ipCritical: SendTCPRST: libnet_write_ipCritical: SendTCPRST: libnet_write_ipCritical: SendTCPRST: libnet_write_ipCritical: SendTCPRST: libnet_write_ipCritical: SendTCPRST: libnet_write_ipCritical: SendTCPRST: libnet_write_ipCritical: SendTCPRST: libnet_write_ipCritical: SendTCPRST: libnet_write_ip I also tried other response packets, eg, icmp_port, this one generates: *) Critical: SendICMP_UNREACH: libnet_write_ip Does this "Critical" mean something? Is there something wromg I do/forgot? I just downloaded: - cvs snort - Libnet-1.0.2a to no avail. Thanks for the help. Ramin _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- flexresp Ramin Alidousti (Aug 28)
- RE: flexresp Neal Timm (Aug 28)
- <Possible follow-ups>
- flexresp Ramin Alidousti (Sep 10)