Snort mailing list archives

Previous By Date Next
Previous By Thread Next

Re: win32 snort (resp + react)

From: Jeff Nathan <jeff () snort org>
Date: Mon, 07 Jul 2003 01:18:59 -0700
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

I'm not sure if Jon was talking about the code I sent out specifically to 
the list of people testing the new code.

Thanks for responding in any case Rich.

Let me be 100% clear.  Jon, if you are testing the new code, please respond 
directly to the list of testers and myself rather than this list.

- -Jeff

- --On Sunday, July 6, 2003 13:13 -0600 Rich Adamson <radamson () routers com> 
wrote:


Jon,


im attempting 2 simple rules as a test (on win32 port):

alert tcp $HOME any -> any 80 (msg: "Port 80"; resp: rst_snd;)
alert tcp $HOME any -> any 81 (msg: "Port 81"; react: block;)

the first one tells me that resp is a bad keyword.


The Win32 executable that Jeff sent all of us for testing had a bug
in it that kept "resp:" from being recognized as a keyword. After he
corrected that, I also noticed the keyword had no impact (eg, rst_snd
was not sent).


the second actually can have block, warn, msg ... but on an outgoing
connection nothing really happens.  im expecting snort to kill the
connection and not allow a request through (but the laptop still gets the
content).

am i missing something?


Not missing a thing. Jeff was going to debug the code this weekend. If
his weekend is/was as busy as mine, it will probably be a few days
before we hear anything.

Rich




-------------------------------------------------------
This SF.Net email sponsored by: Free pre-built ASP.NET sites including
Data Reports, E-commerce, Portals, and Forums are available now.
Download today and enter to win an XBOX or Visual Studio .NET.
http://aspnet.click-url.com/go/psa00100006ave/direct;at.asp_061203_01/01
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users




- --
http://cerberus.sourcefire.com/~jeff       (gpg key available)
Great spirits have always encountered violent opposition from mediocre
minds.
- - Albert Einstein
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.2 (Darwin)

iD8DBQE/CSzzEqr8+Gkj0/0RAiRHAKCQBGA5Yp2p4ESEVWd4XJua3pwUxwCgkZPm
XOYAjvlytBLZ8+WRSFO03nI=
=kP/w
-----END PGP SIGNATURE-----



-------------------------------------------------------
This SF.Net email sponsored by: Free pre-built ASP.NET sites including
Data Reports, E-commerce, Portals, and Forums are available now.
Download today and enter to win an XBOX or Visual Studio .NET.
http://aspnet.click-url.com/go/psa00100006ave/direct;at.asp_061203_01/01
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
Previous By Date Next
Previous By Thread Next

Current thread: