Snort mailing list archives

Error on new Rule

From: "Ron Jenkins" <rjenkins () dibr net>
Date: Wed, 16 Mar 2005 08:12:03 -0600

On the below new rule, I added the react:block for the FlexResp feature
of snort.  

 

alert udp $HOME_NET any -> $EXTERNAL_NET 41170 (msg:"P2P Manolito Search
Query"; content:"|01 02 00 14|"; offset:16; depth:4;
reference:url,www.blubster.com; reference:url,openlito.sourceforge.net;
react:block; classtype:policy-violation; sid:3459; rev:2;)

 

I get the below error:

 

ERROR: Line /etc/snort/local.rules(28): TCP Options on non-TCP rule

Fatal Error, Quitting..

 

Does FlexResp only work on TCP rules and not UDP?

 

Thanks...

 

 

Ron Jenkins (MCNE, CNE6, MCP, CCNA, CCEA) 
Senior Architect 
Data Integrity, LLC 
"We Integrate People with Solutions" 
1724 Dallas Drive 
Suite 11 
Baton Rouge, La 70806 
Office. 225.927.8030 
Fax. 225.927.8033 
Cell225.931.1632 
Email. rjenkins () dibr net 
Web. www.dibr.net

Current thread:

Error on new Rule Ron Jenkins (Mar 16)
- <Possible follow-ups>
- RE: Error on new Rule Ron Jenkins (Mar 16)
  - RE: Error on new Rule Kendall Risselada (Mar 16)
    - Re: Error on new Rule James Riden (Mar 16)
- RE: Error on new Rule Snort (Mar 16)
- RE: Error on new Rule Joshua Berry (Mar 16)