Snort mailing list archives
Flex Resp Problems
From: Owen Creger <OCreger () CreativeSolutions com>
Date: Wed, 14 Aug 2002 22:49:56 -0400
Running on RH 7.2 I have installed the RPM's:

    snort-1.8.7-1snort
    snort-mysql+flexresp-1.8.7-1snort

I want to change the rule:

    alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-IIS cmd.exe access"; flags:A+; content:"cmd.exe"; nocase; classtype:web-application-attack; sid:1002; rev:5;)

to:

    alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-IIS cmd.exe access"; resp:rst_all; flags:A+; content:"cmd.exe"; nocase; classtype:web-application-attack; sid:1002; rev:5;)

When I restart Snort I get the error:

    FATAL ERROR: ERROR: cannot open raw socket for libnet, exiting...

I have perl-libnet-1.0703-6 installed. What am I missing? Do I need a different version of Libnet?

Owen C. Creger CCNA, CISSP
Info. Sec. Administrator
Creative Solutions, a Thomson Company.
7322 Newman Blvd.
Dexter, MI 48130
email: ocreger () creativesolutions com
ph: 734-426-5860 ex. 3787
fax: 734-426-5946
cell: 734-223-6270