Snort mailing list archives
Re: Flexresp problem
From: Erek Adams <erek () theadamsfamily net>
Date: Sat, 20 Apr 2002 12:03:46 -0700 (PDT)
On Sat, 20 Apr 2002, Tudor Panaitescu wrote:
OK. Used my workstation, "pure" RH7.2, all the updates from RH installed, libnet-1.0.2a-1snort, libpcap-0.6.2-9, snort compiled locally, no aliases on any interface, apache-fp-1.3.22-6, same set of rules as on the production boxes, no resp in any of the rules ... and .... the same problem. Connections matching the rules are reset (icmp_all in the alerts log) even if there's no resp in the rule .... Does it make any sense ? Is anybody else having the same problem ?
Ok, One thing that I can think of--Try the "real" version of libpcap from tcpdump.org. Yank the rpm and drop in the new one. Also is the libpnet a 'special' version for snort? "libnet-1.0.2a-1snort" just looks odd... If so, yank it as well and build from libnet from scratch. This is one of those things where rolling your own _usually_ is worth the effort. :) But, other than that, I'm not sure why you're seeing such a odd thing.... ----- Erek Adams Nifty-Type-Guy TheAdamsFamily.Net _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- Re: Flexresp problem, (continued)
- Re: Flexresp problem Erek Adams (Apr 14)
- Re: Flexresp problem Tudor Panaitescu (Apr 15)
- Segmentation fault (core dumped) Carlos Augusto Silva (Apr 15)
- Re: Segmentation fault (core dumped) Erek Adams (Apr 15)
- Re: Flexresp problem Erek Adams (Apr 15)
- Segmentation fault (core dumped) Carlos Augusto Silva (Apr 15)
- Re: Flexresp problem Tudor Panaitescu (Apr 15)
- Re: Flexresp problem Erek Adams (Apr 15)
- Re: Flexresp problem Tudor Panaitescu (Apr 15)
- Re: Flexresp problem Tudor Panaitescu (Apr 20)
- Re: Flexresp problem Alwin Raymundo (Apr 20)
- Re: Flexresp problem Erek Adams (Apr 20)
- Re: Flexresp problem Tudor Panaitescu (Apr 20)
- Re: Flexresp problem Tudor Panaitescu (Apr 21)
- Re: Flexresp problem Erek Adams (Apr 21)