Snort mailing list archives
Active response in passive mode
From: Seyed Amin Salehi <salehi.seyedamin () gmail com>
Date: Wed, 31 Jul 2013 08:35:41 +0430
Hi. I installed Snort 2.9.5 on BackTrack 5 R3. I configured snort.conf like this:

    preprocessor stream5_global: track_tcp yes, \
        track_udp yes, \
        track_icmp no, \
        max_tcp 262144, \
        max_udp 131072, \
        max_active_responses 25, \
        min_response_seconds 25
    config response: device ip attempts 20

I wrote a rule in local.rules like this:

    alert tcp 10.10.9.40 any -> x.x.x.x 80 (msg:"target site visited";resp:rst_snd;sid:1000000;)

I start Snort like this:

    snort -q -c /etc/snort/snort.conf -A console

My browser was closed before starting Snort and I cleared the browser's cache. After starting Snort, when I open the browser and try to visit the target site, active response doesn't work. The output of Snort is like this:

    07/30-08:36:44.368316 [**] [1:1000000:0] target site visited [**] [Priority: 0] {TCP} 10.10.9.40:51444 -> x.x.x.x:80

But active response doesn't work and I can see the target site. Why?
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!