Snort mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Flexible Response

From: kongi <kongi () kongi eu org>
Date: Fri, 14 Nov 2003 23:02:20 +0100
On Fri, Nov 14, 2003 at 01:40:05PM -0500, snort wrote:


      This version is statically compiled with flexible response 

      I rpm -qip snort-2.0.4 and it states that flexible response is
compiled into the package,
      but when I create a rule and use the resp keyword I get the below
error. 
      I have also tried to use the react option and I get the same error.

      Warning: /etc/snort/rules/icmp.rules(44) => Unknown keyword 'resp'
in rule!
Warning: /etc/snort/rules/icmp.rules(44) => Unknown keyword 'react' in rule!



if U user fles_resp (1) - U must, define in config (example):
# reset sender
var RESP_TCP resp:rst_snd;
var RESP_TCP2 resp:rst_rcv;

#reset all
var RESP_TCP_URG resp:rst_all;

#var RESP_UDP resp:icmp_port,icmp_host;
var RESP_UDP resp:icmp_host;

or, if U user fles_resp2, U must configure --fles_resp2 (not 
documented in configure --help)

I thing, U use rules contrib - where define fles_resp2

regards
-->k


-------------------------------------------------------
This SF. Net email is sponsored by: GoToMyPC
GoToMyPC is the fast, easy and secure way to access your computer from
any Web browser or wireless device. Click here to Try it Free!
https://www.gotomypc.com/tr/OSDN/AW/Q4_2003/t/g22lp?Target=mm/g22lp.tmpl
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
Previous By Date Next
Previous By Thread Next

Current thread: