Snort mailing list archives
Re: Resp: and react: don't work on w2k and XP ?
From: "Troll" <Troll () AsylumChat Net>
Date: Tue, 20 Aug 2002 02:09:33 +0200
Thank you Matt Kettler that is working now snort knows about resp: but know the next problem will be occured An error will be send to me and snort dieing every time AppName: snort.exe AppVer: 0.0.0.0 ModName: packet.dll ModVer: 3.0.0.13 Offset: 00001d7d and I don't know if its right but my Task-Manager shows me several new Programms (don't know realy couse winpcap or snort) phfqk.exe , snixmb.exe, phcop.exe ... some more but back to my dieing snort couse failure in packet.dll don't know its raely an failure in snort or in winpcap or in my rules alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"file-finder outa there1a"; flags: A+; content:"file-"; nocase; classtype:string-detect; sid:2000000; rev:1; resp: rst_all; ) is one of my rules .. they shoud block packets that contains 'file-' I startet snort with the snort panal witch set folloing to start snort E:\Snort\snort.exe -l "E:\Snort\log" -c "E:\Snort\edonkey.rules" -P 500 -a -e -o -d -A full can some one tell me if its realy an failure in packet.dll or if its me or is it XP ? my choice of installing snort for win32 is know only flexresp greetz Troll ----- Original Message ----- From: "Matt Kettler" <mkettler () evi-inc com> To: "Troll" <Troll () asylumchat net>; <snort-users () sourceforge net> Sent: Monday, August 19, 2002 9:15 PM Subject: Re: [Snort-users] Resp: and react: don't work on w2k and XP ?
You really don't want to have all the boxes checked.. Pick ONE. It would appear that what checking all of them does is installs multiple snort.exe files, one on top of the other.. The one you wind up with is the last in the list, which doesn't have flexresp support. The snort w/flexresp only .exe file is 307,200 bytes from the snort-1.8.7-win32.exe installer. At 09:08 PM 8/19/2002 +0200, Troll wrote:Hi Thats my Problem I get the pre compiled Version binarie for win32 version 1.8.7-win32.exe At the INstallation I made custom installation and flexsep and all other choices are marked. (made a full installation) Thats why I'm wondering I'm using XP prof. and winpcap 3.0 alpha------------------------------------------------------- This sf.net email is sponsored by: OSDN - Tired of that same old cell phone? Get a new here for FREE! https://www.inphonic.com/r.asp?r=sourceforge1&refcode1=vs3390 _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
------------------------------------------------------- This sf.net email is sponsored by: OSDN - Tired of that same old cell phone? Get a new here for FREE! https://www.inphonic.com/r.asp?r=sourceforge1&refcode1=vs3390 _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- Snortcenter faq/mailing list anywhere? peterm (Aug 16)
- Resp: and react: don't work on w2k and XP ? Troll (Aug 17)
- Re: Resp: and react: don't work on w2k and XP ? Matt Kettler (Aug 19)
- Re: Resp: and react: don't work on w2k and XP ? Troll (Aug 19)
- Re: Resp: and react: don't work on w2k and XP ? Matt Kettler (Aug 19)
- Re: Resp: and react: don't work on w2k and XP ? Troll (Aug 19)
- Re: Resp: and react: don't work on w2k and XP ? Matt Kettler (Aug 19)
- Re: Resp: and react: don't work on w2k and XP ? Matt Kettler (Aug 19)
- Resp: and react: don't work on w2k and XP ? Troll (Aug 17)
- RE: Problem with mysql? Lucretia Enterprises (Aug 27)
- RE: Problem with mysql? Srijith.K (Aug 27)
- RE: Problem with mysql? James Friesen (Aug 28)