Snort mailing list archives

Previous By Date Next
Previous By Thread Next

Re: React: block

From: Zakai Kinan <titanyen2000 () yahoo com>
Date: Mon, 25 Jun 2007 12:45:07 -0700 (PDT)
If you do a ./configure --help you will see a separate
and distinct --enable-react.  Flexible response2 has
nothing to do with react.

ZK


--- "Pachulski, Keith" <KPachulski () corp ptd net>
wrote:


Per snort documentation, --enable-flexresp enables
reactive
functionality. Page 92 of the most recent
documentation.

-----Original Message-----
From: snort-users-bounces () lists sourceforge net
[mailto:snort-users-bounces () lists sourceforge net]
On Behalf Of Zakai
Kinan
Sent: Monday, June 25, 2007 2:37 PM
To: Snort Users
Subject: Re: [Snort-users] React: block


Where is the --enable-react?  It has depencies as
well.

ZK


--- "Pachulski, Keith" <KPachulski () corp ptd net>
wrote:


Snort was compiled with --enable-gre,
--enable-aruba, and
--enable-flexresp

# snort -V

   ,,_     -*> Snort! <*-
  o"  )~   Version 2.6.1.5 (Build 59)  
   ''''    By Martin Roesch & The Snort Team:
http://www.snort.org/team.html
           (C) Copyright 1998-2007 Sourcefire

Inc.,

et al.

# uname -av
Linux monitor 2.6.9-42.0.10.EL #1 Tue Feb 27
09:24:42 EST 2007 i686 i686
i386 GNU/Linux

When I try to run snort with the react: block

I get the following error

snort[6099]: FATAL ERROR:
/home/snort/local.rules(8): SnortSnprintf
failed

alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET

any (msg:"PORN anal

sex"; content:"anal sex"; nocase;
flow:to_client,established;
classtype:kickass-porn; sid:1317; rev:5; react:
block;)

So what am I doing wrong =)





------------------------------------------------------------------------

-

This SF.net email is sponsored by DB2 Express
Download DB2 Express C - the FREE version of DB2
express and take
control of your XML. No limits. Just data. Click

to

get it now.
http://sourceforge.net/powerbar/db2/
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or
unsubscribe:




https://lists.sourceforge.net/lists/listinfo/snort-users

Snort-users list archive:




http://www.geocrawler.com/redir-sf.php3?list=snort-users






       


________________________________________________________________________

____________
Yahoo! oneSearch: Finally, mobile search 
that gives answers, not web links. 


http://mobile.yahoo.com/mobileweb/onesearch?refer=1ONXIC




------------------------------------------------------------------------

-
This SF.net email is sponsored by DB2 Express
Download DB2 Express C - the FREE version of DB2
express and take
control of your XML. No limits. Just data. Click to
get it now.
http://sourceforge.net/powerbar/db2/
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or
unsubscribe:


https://lists.sourceforge.net/lists/listinfo/snort-users

Snort-users list archive:


http://www.geocrawler.com/redir-sf.php3?list=snort-users






 
____________________________________________________________________________________
Sucker-punch spam with award-winning protection. 
Try the free Yahoo! Mail Beta.
http://advision.webevents.yahoo.com/mailbeta/features_spam.html

-------------------------------------------------------------------------
This SF.net email is sponsored by DB2 Express
Download DB2 Express C - the FREE version of DB2 express and take
control of your XML. No limits. Just data. Click to get it now.
http://sourceforge.net/powerbar/db2/
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
Previous By Date Next
Previous By Thread Next

Current thread: