Snort mailing list archives
Flex Response on Win32
From: "Beech, Martin" <Martin.Beech () POLK CO UK>
Date: Tue, 16 Jul 2002 12:58:00 +0100
Hi there,

New to snort. Trying to get it to kill connections under certain conditions and getting no joy.

I'm using:

SNORT Version 1.8.7beta5-ODBC-FlexRESP-WIN32 (Build 128)
LIBNETNT.DLL (binary 1.0.2c) Downloaded from securitybugware.org today
WPCAP 2.3
W2K SP2

I've tried the various libnetnt.dll's around, including the one with the distribution of Snort I installed. These either GPF'd or "PacketSendPacket fail"ed on me. The one I'm using from securitybugware does not produce errors, but it does not kill the connections either.

The rule I'm testing under is

alert tcp $EXTERNAL_NET any -> $HOME_NET 21 (msg:"FTP passwd retreval attempt"; flags:A+; content:"RETR"; nocase; content:"passwd"; resp: rst_all,icmp_all; reference:arachnids,213; classtype:suspicious-filename-detect; sid:356; rev:4;)

Am I doing something dumb - does the LIBNETNT.DLL need installing in some way, rather than just copying to the snort directory?

Thanks in advance,
Martin
Current thread:
- Flex Response on Win32 Beech, Martin (Jul 16)