Snort mailing list archives
win32 snort (resp + react)
From: "Jon Baer" <security () jonbaer net>
Date: Sun, 6 Jul 2003 13:54:07 -0700
I'm attempting 2 simple rules as a test (on win32 port):

alert tcp $HOME any -> any 80 (msg: "Port 80"; resp: rst_snd;)
alert tcp $HOME any -> any 81 (msg: "Port 81"; react: block;)

The first one tells me that resp is a bad keyword. The second actually can have block, warn, msg ... but on an outgoing connection nothing really happens. I'm expecting snort to kill the connection and not allow a request through (but the laptop still gets the content). Am I missing something?

- jon

pgp key: http://www.jonbaer.net/jonbaer.asc
fingerprint: F438 A47E C45E 8B27 F68C 1F9B 41DB DB8B 9A0C AF47