Snort mailing list archives
Re: Help! An error about "reject" action with build261
From: Meridoff via Snort-users <snort-users () lists snort org>
Date: Wed, 16 Oct 2019 12:53:02 +0300
I had such problem. For me It's enough to specify is active.device = "ip | ethN" . Minimally. ср, 16 окт. 2019 г. в 10:39, sofardware via Snort-users < snort-users () lists snort org>:
Hi all,
I start snort(build261) failed with reject = { } in snort.lua,
and the error is as follow . But it can be done successfully with snort
version of build 250.
The error is as follow:
FATAL: Active response: can't open
Fatal Error, Quitting..
After my debuging , I found when add the follow config to snort.lua
can resolve the above erro with reject = {}:
active =
{
attempts = 2,
device = "eth0",
dst_mac = "00:06:76:DD:5F:E3",
}
The snort3_manual says:dst_mac will change response destination MAC
address, if the device is eth0, eth1, eth2 etc. Otherwise, response
destination MAC address is derived from packet.
What is more important, I do not want to set a fixed MAC address rather
than want the response destination MAC address is derived from packet.
So How to resolve it?
Another question, what is difference between reject and reset as rule
action ?
_______________________________________________
Snort-users mailing list
Snort-users () lists snort org
Go to this URL to change user options or unsubscribe:
https://lists.snort.org/mailman/listinfo/snort-users
To unsubscribe, send an email to:
snort-users-leave () lists snort org
Please visit http://blog.snort.org to stay current on all the latest
Snort news!
Please follow these rules:
https://snort.org/faq/what-is-the-mailing-list-etiquette
_______________________________________________ Snort-users mailing list Snort-users () lists snort org Go to this URL to change user options or unsubscribe: https://lists.snort.org/mailman/listinfo/snort-users To unsubscribe, send an email to: snort-users-leave () lists snort org Please visit http://blog.snort.org to stay current on all the latest Snort news! Please follow these rules: https://snort.org/faq/what-is-the-mailing-list-etiquette
Current thread:
- Help!!! snort_build261 can not reload config successfully with daq in nfq, (continued)
- Help!!! snort_build261 can not reload config successfully with daq in nfq sofardware via Snort-users (Oct 09)
- Help please!!! snort_build261 can not reload config successfully with daq in nfq sofardware via Snort-users (Oct 09)
- Re: Help please!!! snort_build261 can not reload config successfully with daq in nfq Russ Combs (rucombs) via Snort-users (Oct 09)
- Re: Help please!!! snort_build261 can not reload config successfully with daq in nfq sofardware via Snort-users (Oct 09)
- Re: Help please!!! snort_build261 can not reload config successfully with daq in nfq sofardware via Snort-users (Oct 09)
- Re: Help please!!! snort_build261 can not reload config successfully with daq in nfq sofardware via Snort-users (Oct 10)
- Re: Help please!!! snort_build261 can not reload config successfully with daq in nfq Michael Altizer (mialtize) via Snort-users (Oct 10)
- Re: Help please!!! snort_build261 can not reload config successfully with daq in nfq Michael Altizer (mialtize) via Snort-users (Oct 11)
- new Help please!!! snort_build261 appid can not identify http sofardware via Snort-users (Oct 12)
- Help! An error about "reject" action with build261 sofardware via Snort-users (Oct 16)
- Re: Help! An error about "reject" action with build261 Meridoff via Snort-users (Oct 16)
- Re: Help! An error about "reject" action with build261 sofardware via Snort-users (Oct 16)
- Re: snort3_build261 cannot work with nfq Re:Re: Help! A critical error in appid, but not occur every time。 sofardware via Snort-users (Oct 10)
- Re: snort3_build261 cannot work with nfq Re:Re: Help! A critical error in appid, but not occur every time。 Michael Altizer (mialtize) via Snort-users (Oct 11)