RE: Snort+flexresp

["skill2die4" <skill2die4 () yahoo com>]

Hi:

I was working on flexREsp in my lab and the set-up was : 

----------               ----------
-  compA - +++++++++++++ -  compB -
----------               ----------

+++ = crossover

compA = running snort
compB = testing machine


So, in my case even though FLEXRESP might be installed 
properly; it wasn't replying to packets with a RST packet (as per
the rules that I created) due to time frame given to snort to create the
packet(as per my understanding now...thanks to ROEL)


Questions:
----------

1. Was it was because the compA replied before snort could craft the
reply packet?

2. Even if so, I should have seen at least a single RST(even though with
delayed sequence number) packet ?

3. Since I didn't saw even a single RST packet over the network, should
I ASSume that the problem lies with my installation or rulesets ?

4. How can I create network DELAYS in the Lab environment?
[** MOST IMPORTANT **]



Thanks!


Skill2die4


_________________________________________________________
Do You Yahoo!?
Get your free @yahoo.com address at http://mail.yahoo.com


_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users