Snort mailing list archives

active response in passive mode


From: Seyed Amin Salehi <salehi.seyedamin () gmail com>
Date: Fri, 2 Aug 2013 09:05:02 +0430

Hi. I installed Snort 2.9.5 on BackTrack. I configured snort.conf like this:
preprocessor stream5_global: track_tcp yes, \
   track_udp yes, \
   track_icmp no, \
   max_tcp 262144, \
   max_udp 131072, \
   max_active_responses 25, \
   min_response_seconds 25

config response: device ip attempts 20

I wrote a rule in local.rules like this:
alert tcp 10.10.9.40 any -> x.x.x.x 80 (msg:"target site visited";resp:rst_snd;sid:1000000;)
I start Snort like this:
snort -q -c /etc/snort/snort.conf -A console
My browser was closed before starting Snort, and I cleared the browser's cache. After starting Snort, when I open the browser and try to visit the target site, the active response doesn't work. The output of Snort looks like this:
07/30-08:36:44.368316  [**] [1:1000000:0] target site visited [**] [Priority: 0] {TCP} 10.10.9.40:51444 -> x.x.x.x:80
But the active response doesn't work and I can see the target site. Why?