Snort mailing list archives

FlexResp (Not working?)


From: "Carlos Kumbak" <ckumbak () bol com br>
Date: Wed, 22 Jan 2003 04:14:57 -0200

Hi,

I need some help from you guys...

I'm using:
-Snort 1.9 (--enable-flexresp)
-Libpcap 0.7.1
-Libnet 1.0.2a

Some time ago (in the older Snort versions) it was possible
to abort connections using flexresp... Let's say that
I'm running Snort with the following rule (which worked
before):

-----------------------
alert tcp any any -> any 25 (msg:"test";content:"test123";resp:rst_all;)
-----------------------

Snort started without problems...

Now... from another computer I try:

-----------------------
telnet gateway 25
Trying XX.XX.XX.XX...
Connected to gateway
Escape character is '^]'.
220 gateway (experimental box) ESMTP
-----------------------

Then I type:
-----------------------
test123 <enter>
500 5.5.1 Command unrecognized: "test123"
-----------------------

Snort identifies the content but didn't drop the
connection...
-----------------------
Jan 22 02:05:08 gateway snort: [1:0:0] test <eth0> {TCP}
XXX.XXX.XXX.XXX:53344 -> XXX.XXX.XXX.XXX:25
-----------------------

I remember that this rule worked before... I used
flexresp a lot... but now I'm losing my mind trying to
understand what is wrong.

Please... can someone help?


Best regards.
__________________
Carlos Kumbak
ckumbak () bol com br


