Snort mailing list archives

Re: flexresp?


From: Jeff Nathan <jeff () snort org>
Date: Sun, 19 Dec 2004 23:48:35 -0500

Hi Paul,

If you're willing to check out the snort source code from CVS, flexresp2 is part of CVS HEAD (the latest code not yet part of a release).

-Jeff

On Dec 16, 2004, at 6:29 PM, Sheahan, Paul wrote:

Hi all,

I just updated to the latest Snort (2.3.0RC2) and compiled it with the flexresp option. It compiled fine and accepts and understands “resp” rules, however during testing I have created rules using “resp: rst_all” and they don’t work. I see my test criteria is found in the alert logs but it does not appear to reset the session. This used to work for me in the past.

Afterward I noticed my sniffing interface did not have an IP assigned, so I assigned one and did the test again. That still did not help.

I’d like to mess around with sending TCP RSTs when a rule is triggered or some other way of killing a session when a rule is met. Is Flexresp the option I should be using or are there better features now? Just wondering if I should be spending time on flexresp or looking at something better.

I looked at the new “inline” features but not sure if this is an alternative?

Thanks

--
Now with 100% mailing lists.
http://nemesis.sourceforge.net


