Snort mailing list archives

flexresp


From: Erik Wienberg <ew () dmi dk>
Date: Thu, 25 Oct 2001 12:31:09 +0000

Hi,
I am running a RedHat 7.1 Linux - snort Version 1.8.1-RELEASE (Build 74)
After configuring --enable-flexresp I tried to add the following, more or less 
based on an example from the FAQ:

/* in snort.conf */
ruletype redalert
{
  type alert
  output alert_syslog: LOG_LOCAL2
}

/* in local.rules */
redalert tcp any any -> any any (msg:"REDRUM REDRUM"; content:"redalerttest"; resp: rst_all)

When I trigger the alert, it gets logged just fine but the offending session 
does not get RST. Nor is there any sign of a RST-packet in my network dumps.

Various snips from configure and make:
running /bin/sh ./configure  --enable-flexresp --no-create --no-recursion

gcc -DHAVE_CONFIG_H -I. -I. -I. -I/usr/include/pcap  -DENABLE_SSL 
-I/usr/include  -g -O2 -Wall -DENABLE_RESPONSE -D_BSD_SOURCE -D__BSD_SOURCE 
-D__FAVOR_BSD -DHAVE_NET_ETHERNET_H -DLIBNET_LIL_ENDIAN -c snort.c

Can anybody help me? Thank you in advance.

all the best .... Erik
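
An added example, not part of the original post and not Snort code: a Python check for the symptom described above. It reads a classic libpcap capture and reports, for every TCP flow that carried the rule's content string, whether an RST followed in each direction (`rst_all` is meant to reset both ends). The capture bytes, addresses and function names are constructed for illustration.

```python
import struct

MARKER = b"redalerttest"              # content string from the rule in the post

def tcp_segments(pcap):
    """Yield (src, sport, dst, dport, flags, payload) from a classic Ethernet pcap."""
    order = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">"}.get(pcap[:4])
    if order is None or struct.unpack(order + "I", pcap[20:24])[0] != 1:
        raise ValueError("need a classic libpcap file with Ethernet link type")
    off = 24
    while off + 16 <= len(pcap):
        caplen = struct.unpack(order + "I", pcap[off + 8:off + 12])[0]
        pkt, off = pcap[off + 16:off + 16 + caplen], off + 16 + caplen
        if len(pkt) < 54 or pkt[12:14] != b"\x08\x00" or pkt[23] != 6:
            continue                  # truncated, or not IPv4 carrying TCP
        ihl = (pkt[14] & 0x0F) * 4
        total = struct.unpack("!H", pkt[16:18])[0]
        tcp = pkt[14 + ihl:14 + total]    # IP total length drops Ethernet padding
        if len(tcp) >= 20:
            sport, dport = struct.unpack("!HH", tcp[:4])
            yield pkt[26:30], sport, pkt[30:34], dport, tcp[13], tcp[(tcp[12] >> 4) * 4:]

def rst_check(pcap, marker=MARKER):
    """Map each flow that carried `marker` to the RST directions seen after it."""
    seen = {}
    for src, sport, dst, dport, flags, payload in tcp_segments(pcap):
        fwd, rev = (src, sport, dst, dport), (dst, dport, src, sport)
        if marker in payload:
            seen.setdefault(fwd, set())
        elif flags & 0x04:            # RST bit set
            if rev in seen:
                seen[rev].add("to_sender")      # reset heading to the triggering host
            elif fwd in seen:
                seen[fwd].add("to_receiver")    # reset heading to the other end
    return seen

def frame(src, dst, sport, dport, flags, payload=b""):
    # Constructed Ethernet/IPv4/TCP frame; checksums are left as zero.
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 1, 1, 0x50, flags, 8192, 0, 0) + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0, 0, 64, 6, 0, src, dst)
    return bytes(12) + b"\x08\x00" + ip + tcp

def sample_pcap(frames):
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for f in frames:
        out += struct.pack("<IIII", 0, 0, len(f), len(f)) + f
    return out

A, B = bytes([192, 0, 2, 10]), bytes([192, 0, 2, 20])    # constructed addresses
NO_RESPONSE = sample_pcap([frame(A, B, 40000, 80, 0x18, MARKER)])
RST_ALL = sample_pcap([frame(A, B, 40000, 80, 0x18, MARKER),
                       frame(B, A, 80, 40000, 0x04), frame(A, B, 40000, 80, 0x04)])
```

An empty set for a flow corresponds to the symptom in the post: the rule matched but no reset appears in the capture.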
