Snort mailing list archives

Flex but no response ....


From: "skill2die4" <skill2die4 () yahoo com>
Date: Tue, 15 Jan 2002 17:28:50 -0500

+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=
snort and related utilities version numbers :

libnet-1.0.2a-1snort.i386.rpm
libnet.tar.gz (1.0.2a)
libpcap (0.6)
snort -1.8.3 (built 88) [configured option=flexResp]
snort-plain+flexresp.1.8.3-5-i386.rpm
+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=

scenario :
-----------
10.0.0.3 --- pings to ---> 10.0.0.3

rule file ::
--------------
flexRESP.rules
alert icmp 10.0.0.3 any ---> any any (msg:"Not allowed";resp:icmp_host;)

snort activation
-------------------
snort -A full -c flexRESP.rules


Observation 
-------------
a. snort initialization reads -->

    1 snort rules read .... 
    1 option chain linked into 1 chain header
    0 dynamic rules

b. the PING from 10.0.0.3 works and gets back a result from 10.0.0.2;
   snort only WRITES to the ALERT file

 I tried using the REACT with "TCP && BLOCK , MSG" options and telnet
 from 10.0.0.3; the connect was refused ... however I didn't get any
 VISIBLE BLOCK MESSAGE from the other side.

