Snort mailing list archives

Previous By Date Next
Previous By Thread Next

FLEXRESP Problems

From: Markus Ulrich <Markus.Ulrich () in-systeme com>
Date: Wed, 26 Sep 2001 14:56:00 +0200
Hi,
I want to use snort to reset a tcp connection if an alert occur. So I used the libnet (1.0.2.a) to compile snort (1.8.1) with flexresp enable (Linux Slackware Kernel 2.4.10). 

A typical rule I used is :
alert tcp any 23 -> $NET any (msg:"TEST - TCP RST"; content: "gulu"; nocase; resp: rst_all;)
This works fine at least the logging but the connection brokes only 2 of 50 down. Have I made a mistake ? 

Is there any other way to do this ?

I m lucky for every help !

    Markus


_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
Previous By Date Next
Previous By Thread Next

Current thread: