Snort mailing list archives
flexresp
From: Erik Wienberg <ew () dmi dk>
Date: Thu, 25 Oct 2001 12:31:09 +0000
Hi,

I am running a RedHat 7.1 Linux - snort Version 1.8.1-RELEASE (Build 74)

After configuring --enable-flexresp I tried to add the following, more or less based on an example from the FAQ:

/* in snort.conf */
ruletype redalert
{
  type alert
  output alert_syslog: LOG_LOCAL2
}

/* in local.rules */
redalert tcp any any -> any any (msg:"REDRUM REDRUM"; content:"redalerttest"; resp: rst_all)

When I trigger the alert, it gets logged just fine but the offending session does not get RST. Nor is there any sign of a RST-packet in my network dumps.

Various snips from configure and make:

running /bin/sh ./configure --enable-flexresp --no-create --no-recursion

gcc -DHAVE_CONFIG_H -I. -I. -I. -I/usr/include/pcap -DENABLE_SSL -I/usr/include -g -O2 -Wall -DENABLE_RESPONSE -D_BSD_SOURCE -D__BSD_SOURCE -D__FAVOR_BSD -DHAVE_NET_ETHERNET_H -DLIBNET_LIL_ENDIAN -c snort.c

Can anybody help me?

Thank you in advance.

all the best ....
Erik