Snort mailing list archives

Previous By Date Next
Previous By Thread Next

I found a bug

From: "Ronneil Camara" <ronneilc () remingtonltd com>
Date: Mon, 15 Apr 2002 09:14:43 -0500
Hi guys,

I don't know if this is a bug or a feature:

here is the scenario

local.rules:
pass tcp 65.192.117.0/24 any -> $HOME_NET 22 (msg:"SSH access";flags: A+;)
alert tcp $EXTERNAL_NET any -> $HOME_NET 22 (msg:"SSH from unknown";flags: A+;resp: rst_all;)

I have a freebsd running ipf firewall and it also runs snort 1.8.6 build 105.

I've been running snort for almost a week now and was really impressed with
flexresp, you know it. :-)

Last night, I changed the start-up parameters of snort. I just noticed this morning
that my flexresp rule doesn't work anymore. If snort is executed with -z est, then
flexresp will fail. I did 3 test and I am very sure that when snort is ran with -z est,
flexresp will fail.

So, is this bug?

Thanks.

Neil

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
Previous By Date Next
Previous By Thread Next

Current thread: