react: block not working

["Micheal.Cottingham" <micheal.cottingham () svccchr1 sv vccs edu>]

As per the subject, react: block does not seem to be working. ACID is still picking up the alerts even though react: 
block is set. An example 
rule is: 

alert icmp $EXTERNAL_NET any -> $HOME_NET any (msg: "ICMP Large ICMP Packet"; dsize: > 800; react: block; reference: 
arachnids, 246; 
side: 499; rev: 3 classtype: bad-unknown;)

I am doing this for other things such as MSSQL Propogation Attempt, NMAP Ping, etc. I especially want to block ICMP 
Large Packet as the 
TTL's have been modified, and the payload is a bit screwy to say the least. MSSQL Propogation Attempt is another big 
one on my list. I am in a 
pure windows environment and my boss is not favorable of *nix, so hogwash is out of the question I'm afraid. 
snort-inline is also just *nix if I 
am not mistaken, is it not? I am using Snort 2.1. Any help would be greatly appreciated.


-------------------------------------------------------
The SF.Net email is sponsored by EclipseCon 2004
Premiere Conference on Open Tools Development and Integration
See the breadth of Eclipse activity. February 3-5 in Anaheim, CA.
http://www.eclipsecon.org/osdn
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users