Is there a bug with flexresp and UDP alerts?

[Jason Haar <Jason.Haar () trimble co nz>]

Snort-2.00 under Redhat (but I see no mention of a fix in 2.01)

I'm using flexresp fine with TCP connections (with "resp: rst_all"), but
when I insert "resp: icmp_all;" into existing UDP alerts, they never trigger
the error packets: I know they don't trigger ICMP resets as tcpdump shows no
ICMP packets, and yet snort does the alert via syslog fine. i.e. the alert
works but no reset occurs.

Any ideas?

-- 
Cheers

Jason Haar
Information Security Manager, Trimble Navigation Ltd.
Phone: +64 3 9635 377 Fax: +64 3 9635 417
PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F 8422 C063 5EBB FE1D 66D1


-------------------------------------------------------
This SF.net email is sponsored by: VM Ware
With VMware you can run multiple operating systems on a single machine.
WITHOUT REBOOTING! Mix Linux / Windows / Novell virtual machines
at the same time. Free trial click here:http://www.vmware.com/wl/offer/358/0
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users