Snort mailing list archives

Snort 2.9.0.4 inline active response on Centos 5.5


From: Risto Vaarandi <risto.vaarandi () seb ee>
Date: Mon, 07 Mar 2011 13:15:25 +0200

Hi all,
I have successfully built Snort 2.9.0.4 on CentOS 5.5 with all DAQ 
modules, and ipq and nfw modules seem to work nicely in both passive and 
inline mode.

However, I have discovered that features which are related to active 
response don't work - the 'reject' action works like 'drop' and doesn't 
send a TCP RST packet to the attacker, and the 'resp' and 'react' rule 
options are not doing anything useful either. Interestingly, when shut 
down, Snort reports having injected some packets into the network.

I have built snort with the following options: --enable-ipv6 
--enable-gre --enable-mpls --enable-targetbased 
--enable-decoder-preprocessor-rules --enable-ppm --enable-perfprofiling 
--enable-zlib --enable-active-response --enable-normalizer 
--enable-reload --enable-react --enable-flexresp3
and also, I have tried to omit some obviously irrelevant options, but 
in all cases the problem does not go away (I am running my Snort inside 
a vbox virtual machine).

Is active response known to be broken on Centos/RHEL 5?

BR,
risto

