Snort mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Flexresp problem

From: Erek Adams <erek () theadamsfamily net>
Date: Sat, 20 Apr 2002 12:03:46 -0700 (PDT)
On Sat, 20 Apr 2002, Tudor Panaitescu wrote:


OK. Used my workstation, "pure" RH7.2, all the updates from RH installed,
libnet-1.0.2a-1snort, libpcap-0.6.2-9, snort compiled locally, no aliases on any
interface, apache-fp-1.3.22-6, same set of rules as on the production boxes, no
resp in any of the rules ... and .... the same problem. Connections matching the
rules are reset (icmp_all in the alerts log) even if there's no resp in the rule
.... Does it make any sense ? Is anybody else having the same problem ?



Ok, One thing that I can think of--Try the "real" version of libpcap from
tcpdump.org.  Yank the rpm and drop in the new one.  Also is the libpnet a
'special' version for snort?  "libnet-1.0.2a-1snort" just looks odd...  If so,
yank it as well and build from libnet from scratch.

This is one of those things where rolling your own _usually_ is worth the
effort.  :)

But, other than that, I'm not sure why you're seeing such a odd thing....

-----
Erek Adams
Nifty-Type-Guy
TheAdamsFamily.Net


_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
Previous By Date Next
Previous By Thread Next

Current thread: