Snort mailing list archives
Re: React: block
From: "Pachulski, Keith" <KPachulski () corp ptd net>
Date: Mon, 25 Jun 2007 15:38:51 -0400
Per snort documentation, --enable-flexresp enables reactive functionality. Page 92 of the most recent documentation. -----Original Message----- From: snort-users-bounces () lists sourceforge net [mailto:snort-users-bounces () lists sourceforge net] On Behalf Of Zakai Kinan Sent: Monday, June 25, 2007 2:37 PM To: Snort Users Subject: Re: [Snort-users] React: block Where is the --enable-react? It has depencies as well. ZK --- "Pachulski, Keith" <KPachulski () corp ptd net> wrote:
Snort was compiled with --enable-gre, --enable-aruba, and --enable-flexresp # snort -V ,,_ -*> Snort! <*- o" )~ Version 2.6.1.5 (Build 59) '''' By Martin Roesch & The Snort Team: http://www.snort.org/team.html (C) Copyright 1998-2007 Sourcefire Inc., et al. # uname -av Linux monitor 2.6.9-42.0.10.EL #1 Tue Feb 27 09:24:42 EST 2007 i686 i686 i386 GNU/Linux When I try to run snort with the react: block I get the following error snort[6099]: FATAL ERROR: /home/snort/local.rules(8): SnortSnprintf failed alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"PORN anal sex"; content:"anal sex"; nocase; flow:to_client,established; classtype:kickass-porn; sid:1317; rev:5; react: block;) So what am I doing wrong =)
------------------------------------------------------------------------ -
This SF.net email is sponsored by DB2 Express Download DB2 Express C - the FREE version of DB2 express and take control of your XML. No limits. Just data. Click to get it now. http://sourceforge.net/powerbar/db2/ _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
________________________________________________________________________
____________
Yahoo! oneSearch: Finally, mobile search
that gives answers, not web links.
http://mobile.yahoo.com/mobileweb/onesearch?refer=1ONXIC
------------------------------------------------------------------------
-
This SF.net email is sponsored by DB2 Express
Download DB2 Express C - the FREE version of DB2 express and take
control of your XML. No limits. Just data. Click to get it now.
http://sourceforge.net/powerbar/db2/
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
-------------------------------------------------------------------------
This SF.net email is sponsored by DB2 Express
Download DB2 Express C - the FREE version of DB2 express and take
control of your XML. No limits. Just data. Click to get it now.
http://sourceforge.net/powerbar/db2/
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- React: block Pachulski, Keith (Jun 25)
- Re: React: block Zakai Kinan (Jun 25)
- Re: React: block Todd Wease (Jun 25)
- <Possible follow-ups>
- Re: React: block Pachulski, Keith (Jun 25)
- Re: React: block Zakai Kinan (Jun 25)
- Re: React: block Pachulski, Keith (Jun 25)
- Re: React: block Zakai Kinan (Jun 25)
- Re: React: block Pachulski, Keith (Jun 25)
- Re: React: block Dirk Geschke (Jun 25)