Snort mailing list archives
Re: snort 2.8.5.3 with react keyword not sending msg to browser
From: "RMS, Admin" <Admin.RMS () apx fr>
Date: Tue, 27 Apr 2010 16:53:06 +0200
Oui : ERROR: /etc/snort_inline/rules/local.rules(8): invalid react modifier: proxy 8000 A+ alexandre -----Message d'origine----- De : rmkml [mailto:rmkml () free fr] Envoyé : mardi 27 avril 2010 15:57 À : RMS, Admin Cc : rmkml () free fr Objet : Re: [Snort-users] snort 2.8.5.3 with react keyword not sending msg to browser heu petite question, tu as la même erreur si tu mets un autre port dans l'option proxy svp? car par défaut c'est le port 8080 qui est dans le code de l'option proxy... a+ Rmkml On Tue, 27 Apr 2010, rmkml wrote:
Bonjour, Je t'écrit en direct car le Français est plus facile pour moi. Peut être quelques infos utiles dans ses liens pour toi: http://snortattack.org/node/265 http://cvs.snort.org/viewcvs.cgi/*checkout*/snort/Attic/sp_react.c?rev=1.10&sortby=rev Ca ne fonctionne pas du tout ou tu cherches à optimiser? (car je crois qu'il te manque dans tes rules snort: la direction et pas <>, puis le flow:to_server...) a+ Rmkml On Tue, 27 Apr 2010, Joel Esler wrote:I don't know, I don't run Snort on Windows. I don't run the react keyword. I was basically saying that your format is correct in your rule, maybe someone else can pipe in and give you an opinion as well. Joel On Tue, Apr 27, 2010 at 9:16 AM, RMS, Admin <Admin.RMS () apx fr> wrote: Is it working on Windows as well as on Linux (idem for Mozilla and Internet Explorer) ? What kind of message is supposed to appear on client Web browser (html, pop-up, ...) ? Thanks, Alexandre De : Joel Esler [mailto:jesler () sourcefire com] Envoyé : mardi 27 avril 2010 15:11 À : RMS, Admin Cc : Snort Users Objet : Re: [Snort-users] snort 2.8.5.3 with react keyword not sending msg to browser /** please make sure you cc the snort-users group **/ It looks like you have the field typed correctly, I am not sure why Snort isn't accepting it. Joel On Tue, Apr 27, 2010 at 9:08 AM, RMS, Admin <Admin.RMS () apx fr> wrote: Hello Joel, Thanks for your answer. Did you build Snort with --enable-react at ./configure time? è Yes, I did, and no error at ./configure, make, make install time Br, Alexandre De : Joel Esler [mailto:jesler () sourcefire com] Envoyé : mardi 27 avril 2010 14:52 À : RMS, Admin Cc : snort-users () lists sourceforge net Objet : Re: [Snort-users] snort 2.8.5.3 with react keyword not sending msg to browser Did you build Snort with --enable-react at ./configure time? Joel On Apr 27, 2010, at 7:26 AM, RMS, Admin wrote: Hello, I'm using snort 2.8.5.3 inline, and i try to set up a msg with the react keyword for users (ip) which trigger the following alert : alert tcp any any <> $EXTERNAL_NET 80 (content:"GET"; \ msg:"Notforchildren!";sid:111000101;react:block, msg;) The alert is seen in the snort log, but not in the user's browser. (I suppose that the content of the msg send to the browser is "Notforchildren!") Then, I'v tried with alert tcp any any <> $EXTERNAL_NET 80 (content:"GET"; \ msg:"Notforchildren!";sid:111000101;react:block, msg, proxy 8080;) I don't understand the modifier "proxy". It is a local port which send the msg to user or is it the web proxy ? And the following error occurs when starting snort : ERROR: /etc/snort_inline/rules/local.rules(7): invalid react modifier: proxy 8080 Question : How snort send message to browser ? Does it with any Os or browser (IE, Firefox...) ? Thanks in advance, Al.
- --------------------------------------------------- Scan Virus/ASpam par MessageLabs pour APX Pv. . --------------------------------------------------- Avant d'imprimer ce message, pensez à la protection de notre environnement. ------------------------------------------------------------------------------ _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- snort 2.8.5.3 with react keyword not sending msg to browser RMS, Admin (Apr 27)
- Re: snort 2.8.5.3 with react keyword not sending msg to browser Joel Esler (Apr 27)
- Message not available
- Re: snort 2.8.5.3 with react keyword not sending msg to browser Joel Esler (Apr 27)
- Re: snort 2.8.5.3 with react keyword not sending msg to browser RMS, Admin (Apr 27)
- Re: snort 2.8.5.3 with react keyword not sending msg to browser Joel Esler (Apr 27)
- Re: snort 2.8.5.3 with react keyword not sending msg to browser Russ Combs (Apr 27)
- Re: snort 2.8.5.3 with react keyword not sending msg to browser RMS, Admin (Apr 28)
- Message not available
- Message not available
- Re: snort 2.8.5.3 with react keyword not sending msg to browser RMS, Admin (Apr 27)
- Message not available
- Re: snort 2.8.5.3 with react keyword not sending msg to browser Joel Esler (Apr 27)
- Re: snort 2.8.5.3 with react keyword not sending msg to browser Nerijus Krukauskas (Apr 27)