Snort mailing list archives
Re: win32 snort (resp + react)
From: Jeff Nathan <jeff () snort org>
Date: Mon, 07 Jul 2003 01:18:59 -0700
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 I'm not sure if Jon was talking about the code I sent out specifically to the list of people testing the new code. Thanks for responding in any case Rich. Let me be 100% clear. Jon, if you are testing the new code, please respond directly to the list of testers and myself rather than this list. - -Jeff - --On Sunday, July 6, 2003 13:13 -0600 Rich Adamson <radamson () routers com> wrote:
Jon,im attempting 2 simple rules as a test (on win32 port): alert tcp $HOME any -> any 80 (msg: "Port 80"; resp: rst_snd;) alert tcp $HOME any -> any 81 (msg: "Port 81"; react: block;) the first one tells me that resp is a bad keyword.The Win32 executable that Jeff sent all of us for testing had a bug in it that kept "resp:" from being recognized as a keyword. After he corrected that, I also noticed the keyword had no impact (eg, rst_snd was not sent).the second actually can have block, warn, msg ... but on an outgoing connection nothing really happens. im expecting snort to kill the connection and not allow a request through (but the laptop still gets the content). am i missing something?Not missing a thing. Jeff was going to debug the code this weekend. If his weekend is/was as busy as mine, it will probably be a few days before we hear anything. Rich ------------------------------------------------------- This SF.Net email sponsored by: Free pre-built ASP.NET sites including Data Reports, E-commerce, Portals, and Forums are available now. Download today and enter to win an XBOX or Visual Studio .NET. http://aspnet.click-url.com/go/psa00100006ave/direct;at.asp_061203_01/01 _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
- -- http://cerberus.sourcefire.com/~jeff (gpg key available) Great spirits have always encountered violent opposition from mediocre minds. - - Albert Einstein -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.2 (Darwin) iD8DBQE/CSzzEqr8+Gkj0/0RAiRHAKCQBGA5Yp2p4ESEVWd4XJua3pwUxwCgkZPm XOYAjvlytBLZ8+WRSFO03nI= =kP/w -----END PGP SIGNATURE----- ------------------------------------------------------- This SF.Net email sponsored by: Free pre-built ASP.NET sites including Data Reports, E-commerce, Portals, and Forums are available now. Download today and enter to win an XBOX or Visual Studio .NET. http://aspnet.click-url.com/go/psa00100006ave/direct;at.asp_061203_01/01 _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- win32 snort (resp + react) Jon Baer (Jul 06)
- Re: win32 snort (resp + react) Rich Adamson (Jul 06)
- Re: win32 snort (resp + react) Jeff Nathan (Jul 07)
- Re: win32 snort (resp + react) Rich Adamson (Jul 06)