Snort mailing list archives
Problem with "Established" keyword
From: Ryan Russell <ryan () thievco com>
Date: Wed, 17 Dec 2003 12:13:25 -0800
I did find the discussion about this in October, but I could find no real solution in that discussion.
I just did a fresh install of Snort 2.0.5 on OpenBSD 3.4. Just a simple configure; make; make install, and copies the rules and config files to a directory, and started Snort from there.
It appears that none of the rules with established will fire. If I take that keyword out of the rule, it works fine.
Was there some change to Snort that borke this, or is some preprocessor not hadling it properly?
Ryan ------------------------------------------------------- This SF.net email is sponsored by: IBM Linux Tutorials. Become an expert in LINUX or just sharpen your skills. Sign up for IBM's Free Linux Tutorials. Learn everything from the bash shell to sys admin. Click now! http://ads.osdn.com/?ad_id=1278&alloc_id=3371&op=click _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- Problem with "Established" keyword Ryan Russell (Dec 17)
- Re: Problem with "Established" keyword Chris Green (Dec 17)
- Re: Problem with "Established" keyword Ryan Russell (Dec 17)
- Re: Problem with "Established" keyword Chris Green (Dec 18)
- Re: Problem with "Established" keyword Ryan Russell (Dec 17)
- Re: Problem with "Established" keyword Chris Green (Dec 17)