Snort mailing list archives
Re: Flexresp
From: Alwin Raymundo <alrayworld () yahoo com>
Date: Tue, 9 Apr 2002 05:17:13 -0700 (PDT)
Hi Guys, Thanks to all who gaves the howto regarding flexresp a different technics and procedures. I learned a lot from guys. Thanks to all of you. --- counter.spy () gmx de wrote:
Hello. Here is some quick-and-dirty method: Use netcat to create some temporary server on a serverport that is never used on your net. Write a snortrule: alert tcp any any -> $HOME_NET your_port (msg:"Flexresp test"; flags:A+;) If connection fails then you know that it works. Use tcpdump in order to check that snort resets the connection.Hi Phil, Thanks for responding so quick. I appreciate it. Is there anyway or services that I can test asidefromFTP because I don't allow ftp services in all mylinuxbox because you know "security". Thanks--- Phil Wood <cpw () lanl gov> wrote:Well, You could enable an ftp server on your snort box. Set up your flexresp rules to include the addressofyour snort box. Start your snort running. Call your friends and ask them to pull down files from your snort box. Ask your friends to let you know how it went. Later, On Mon, Apr 08, 2002 at 10:50:24AM -0700, Alwin Raymundo wrote:Hi Guys, I need your HELP!, I just recently recompiled mysnortwith-mysql and flexresp. Now my question is how do I know that flexrespisworking, where do I look? that indicates theflexrespis working. I use the resp:rst_all; in some of snort rules. Your quick response is highly appreciated. Thanks in Advance. ===== Alwin Raymundo__________________________________________________Do You Yahoo!? Yahoo! Tax Center - online filing with TurboTax http://taxes.yahoo.com/ _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options orunsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
-- Phil Wood, cpw () lanl gov _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
===== Alwin Raymundo __________________________________________________ Do You Yahoo!? Yahoo! Tax Center - online filing with TurboTax http://taxes.yahoo.com/ -- GMX - Die Kommunikationsplattform im Internet. http://www.gmx.net
===== Alwin Raymundo __________________________________________________ Do You Yahoo!? Yahoo! Tax Center - online filing with TurboTax http://taxes.yahoo.com/ _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- Re: Flexresp, (continued)
- Re: Flexresp Phil Wood (Apr 08)
- Re: Flexresp Alwin Raymundo (Apr 08)
- Re: Flexresp Phil Wood (Apr 08)
- Re: Flexresp Alwin Raymundo (Apr 08)
- RE: Flexresp Ronneil Camara (Apr 08)
- RE: Flexresp Alwin Raymundo (Apr 08)
- RE: Flexresp Ronneil Camara (Apr 08)
- Re: Flexresp counter . spy (Apr 08)
- RE: Flexresp Sheahan, Paul (PCLN-NW) (Apr 08)
- RE: Flexresp Alwin Raymundo (Apr 09)
- RE: Flexresp Ronneil Camara (Apr 08)
- Re: Flexresp Alwin Raymundo (Apr 09)
- Re: Flexresp Phil Wood (Apr 08)