Snort mailing list archives

Re: Problems configuring react: msg;


From: "Hui Cao (huica)" <huica () cisco com>
Date: Wed, 26 Nov 2014 13:48:38 +0000

Hi Fraser,

Can you provide the configuration? Also the command line to run snort.

Best,
Hui.

From: Peter Fraser <pjfraser82 () gmail com>
Date: Tuesday, November 25, 2014 at 10:43 PM
To: "snort-users () lists sourceforge net" <snort-users () lists sourceforge net>
Subject: [Snort-users] Problems configuring react: msg;

Hi,

I have set up Snort running as an IPS using NFQUEUE.

I can detect rules and run block and deny on them; however, I cannot seem to get react to respond with an HTML page.

Here is my configure command:

./configure --enable-sourcefire --enable-open-appid --enable-react --enable-flexrsp3

I am running Snort 2.9.7.0

My rule example is:

drop tcp any any -> any $HTTP_PORTS (msg:"http://www.news.com.au"; content:"news.com.au"; react: msg; sid:283; rev:1;)

I have followed the docs and I am happy to accept all defaults at this stage with regard to the response but the 
connection still just times out regardless.

Any help is greatly appreciated.

Cheers

Fraser

