Snort mailing list archives

Previous By Date Next
Previous By Thread Next

Why resp and session option Dont work!?

From: soldier Mx <soldi3rmx () yahoo com mx>
Date: Wed, 28 Jan 2004 00:15:19 -0600 (CST)
Hello well, i asked before but nobody asnwered..
and
when i try to do this rule that looks and is almost
equals to some default ones that are in *.rules
when i add the option of session in the logs, doesnt
Capture all the session of the atacker.. WHY ???

alert tcp any any -> $HOME_NET 22 (msg: "Alguien se
loguio por ssh checa
    los logs!"; session:printable;)

and the other thing is, that if RESP really works ???
i have been testing it, and i cant disconnect or reset
the TCP conection of some user that matched the rule..

what happend :S??


thanks in advance i will really apreaciate


from mexico


_________________________________________________________
Do You Yahoo!?
La mejor conexión a internet y 25MB extra a tu correo por $100 al mes. http://net.yahoo.com.mx


-------------------------------------------------------
The SF.Net email is sponsored by EclipseCon 2004
Premiere Conference on Open Tools Development and Integration
See the breadth of Eclipse activity. February 3-5 in Anaheim, CA.
http://www.eclipsecon.org/osdn
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
Previous By Date Next
Previous By Thread Next

Current thread: