Snort mailing list archives

Previous By Date Next
Previous By Thread Next

win32 snort (react + resp)

From: "Jon Baer" <jonbaer () jonbaer net>
Date: Sun, 6 Jul 2003 13:53:27 -0700
im attempting 2 simple rules as a test (on win32 port):

alert tcp $HOME any -> any 80 (msg: "Port 80"; resp: rst_snd;)
alert tcp $HOME any -> any 81 (msg: "Port 81"; react: block;)

the first one tells me that resp is a bad keyword.

the second actually can have block, warn, msg ... but on an outgoing
connection nothing really happens.  im expecting snort to kill the
connection and not allow a request through (but the laptop still gets the
content).

am i missing something?

- jon

pgp key: http://www.jonbaer.net/jonbaer.asc
fingerprint: F438 A47E C45E 8B27 F68C 1F9B 41DB DB8B 9A0C AF47




-------------------------------------------------------
This SF.Net email sponsored by: Parasoft
Error proof Web apps, automate testing & more.
Download & eval WebKing and get a free book.
www.parasoft.com/bulletproofapps
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
Previous By Date Next
Previous By Thread Next

Current thread: