Snort mailing list archives
Re: active response in passive mode
From: Russ Combs <rcombs () sourcefire com>
Date: Tue, 20 Nov 2012 09:36:04 -0500
Check the Snort manual for "config response". You may also find Snort's README.active and README.daq helpful, as well as the DAQ tarball README. On Mon, Nov 19, 2012 at 11:06 PM, amin Salehi <seyedamin_salehi () yahoo com>wrote:
hi.i compile snort with --enable-sourcefire.i run snort 2.9.3.1 in passive mode. i write 2 rule in local.rules file(i dont run these rules together): 1-drop tcp 10.10.7.2 any -> 10.10.8.2 23(msg:"connection failed to port 23";resp:reset_source;sid:1000001;) 2-drop tcp 10.10.7.2 any -> 10.10.8.2 23(msg:"connection failed to port 23";react:msg;sid:1000001;) but nothing happend.why? how can i implement active response in passive mode? ------------------------------------------------------------------------------ Monitor your physical, virtual and cloud infrastructure from a single web console. Get in-depth insight into apps, servers, databases, vmware, SAP, cloud infrastructure, etc. Download 30-day Free Trial. Pricing starts from $795 for 25 servers or applications! http://p.sf.net/sfu/zoho_dev2dev_nov _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users Please visit http://blog.snort.org to stay current on all the latest Snort news!
------------------------------------------------------------------------------ Monitor your physical, virtual and cloud infrastructure from a single web console. Get in-depth insight into apps, servers, databases, vmware, SAP, cloud infrastructure, etc. Download 30-day Free Trial. Pricing starts from $795 for 25 servers or applications! http://p.sf.net/sfu/zoho_dev2dev_nov
_______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users Please visit http://blog.snort.org to stay current on all the latest Snort news!
Current thread:
- active response in passive mode amin Salehi (Nov 18)
- <Possible follow-ups>
- active response in passive mode amin Salehi (Nov 19)
- Re: active response in passive mode Russ Combs (Nov 20)