Snort mailing list archives

Re: rules: react

From: Maciej Tomasz Szarpak <M.Szarpak () elka pw edu pl>
Date: Fri, 5 Oct 2001 15:39:33 +0200 (MET DST)


Hi,

Please refer to Snort > Documentation > Rules > React rule
on www.snort.org

You need to have at least one content keyword in your rul.

Enjoy it,

Maciek.


On Tue, 25 Sep 2001, Vsevolod Zaika wrote:


Is somebody use 'react' in rules?
I have installed LibNet-1.0.2a, configured and
maked snort-1.8.1-RELEASE (build 74)
whith --enable-flexresp.

i have included in some rules following:

alert tcp [bla-bla-bla] ( [bla-bla-bla]; react: block,warn; )
                                           (or simply block)

(i receive no error messages during snort starting)

but when this rule ativated nothing except logging happens.
(no session close, no warning messages to attackers etc.)

command line options to snort are:

./snort -sIDN
B
OS: FreeBSD 4.1.1-RELEASE.

What is wrong?

Thank you for help.


--
WBR, Vsevolod I. Zaika,
ISS system administrator.

[VZ666-RIPE] [VIZ1-UANIC]



_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

Current thread:

Re: rules: react Maciej Tomasz Szarpak (Oct 09)