Snort mailing list archives
Re: snort react action
From: free <free.aaa () gmail com>
Date: Wed, 6 Apr 2016 18:08:15 +0300
Albert, there are ethernet interfaces.

eth1 - which gets mirrored traffic with no IP
eth0 - normal ipv4 interface through which snort must send RESET or REACT.

06.04.2016 17:58, free wrote:
Albert, thanks for the response.

# snort -V

   ,,_     -*> Snort! <*-
  o"  )~   Version 2.9.8.0 GRE (Build 229)
   ''''    By Martin Roesch & The Snort Team: http://www.snort.org/contact#team
           Copyright (C) 2014-2015 Cisco and/or its affiliates. All rights reserved.
           Copyright (C) 1998-2013 Sourcefire, Inc., et al.
           Using libpcap version 1.6.2
           Using PCRE version: 8.35 2014-04-04
           Using ZLIB version: 1.2.8

start command:
# /usr/local/bin/snort -D -q -N -m 027 -d -l /var/log/snort -c /etc/snort/snort.conf -i eth1

rule (only 1 rule) and config attached.

06.04.2016 17:47, Al Lewis (allewi) wrote:

Hello,

What version of snort are you using? What rule are you using?
What command are you using to start snort? Do you have a config file you can share?

Need a little more information sorry.

Albert Lewis
QA Software Engineer
SOURCEfire, Inc. now part of Cisco
9780 Patuxent Woods Drive
Columbia, MD 21046
Phone: (office) 443.430.7112
Email: allewi () cisco com

-----Original Message-----
From: free [mailto:free.aaa () gmail com]
Sent: Wednesday, April 06, 2016 3:28 AM
To: snort-users () lists sourceforge net
Subject: [Snort-users] snort react action

Hi all!

I made some rules with react action in them. With afpacket daq mode all is working fine, I see hijacked responses on the client. But when I switch daq to pfring react stops working. In logs I see that snort is matching the rule, but no action...

Any help?

Thanks in advance!

Best regards,
Alex

------------------------------------------------------------------------------
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive: http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users
Please visit http://blog.snort.org to stay current on all the latest Snort news!
Current thread:
- snort react action free (Apr 06)
- Re: snort react action Al Lewis (allewi) (Apr 06)
- Re: snort react action free (Apr 06)
- Re: snort react action free (Apr 06)
- Re: snort react action free (Apr 06)
- Re: snort react action Al Lewis (allewi) (Apr 06)