Snort mailing list archives

Anybody using the react keyword in 2.1?


From: David Gianndrea <dgianndrea () comsquared com>
Date: Wed, 31 Dec 2003 08:15:00 -0500

I'm playing with a rule that uses the react keyword.

alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"PORN www.bobblers.com"; content:"bobblers.com"; nocase; flow:to_client,established; react: block, msg;)


It works; however, the web client does not display the
message that is in sp_react.c. I did confirm, using Ethereal,
that the packet that contains the message from sp_react.c
reaches the user's workstation.

Maybe it is an HTML thing, as both Netscape 7.1 and IE 6
don't display it. Netscape 7.1 does bring up a dialog
box that states "The document contains no data".

Any thoughts?

--
David Gianndrea
Senior Network Engineer
Comsquared Systems, Inc.

Email:   dgianndrea () comsquared com
Web:     www.comsquared.com



