Snort mailing list archives

Re: problem with Flexresp3
From: Russ Combs <rcombs () sourcefire com>
Date: Thu, 7 Oct 2010 08:43:06 -0400

On Thu, Oct 7, 2010 at 2:13 AM, Tica <ticagugino () gmail com> wrote:

> Hello all,
>
> I'm using snort 2.9.0 but something is wrong... Flexresp is not working as
> it should. Snort detection is ok, but flexresp doesn't send the response
> packs... I already tried several different configurations without success...
> I'm using the parameter resp:rst_all;


Can you test this in readback mode with a pcap?  If so, run snort with --daq
dump and examine the inline-out.pcap file it produces to see if the response
is in there.  Let me know and we can go from there.


> This is the environment I'm using snort in: libdnet libdnet-1.12,
> libcap-1.1.1, daq-0.2, kernel 2.6.35.7-smp, Slackware 13.0.
> These are the config options I used to build snort:
>
>  ./configure --prefix=/usr \
> --sysconfdir=/etc \
> --sharedstatedir=/var \
> --enable-zlib \
> --enable-targetbased \
> --enable-decoder-preprocessor-rules \
> --enable-perfprofiling \
> --enable-gre \
> --enable-mpls \
> --enable-linux-smp-stats \
> --enable-ppm \
> --enable-normalizer \
> --enable-react \
> --enable-active-response \
> --enable-flexresp3 \
> --enable-sourcefire \
> --enable-dynamicplugin \
> --enable-pthread \
> --enable-reload
>
> Any help will be really appreciated!
>
> Thanks in advance!!!
>
> --
> Tica ;-)



------------------------------------------------------------------------------
Beautiful is writing same markup. Internet Explorer 9 supports
standards for HTML5, CSS3, SVG 1.1,  ECMAScript5, and DOM L2 & L3.
Spend less time writing and  rewriting code and more time creating great
experiences on the web. Be a part of the beta today.
http://p.sf.net/sfu/beautyoftheweb
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
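
The check suggested in the reply above, as an added example that is not part of the original thread or of Snort: a Python script that scans a classic-format pcap such as inline-out.pcap for the TCP resets that resp:rst_all is meant to send. It assumes Ethernet framing and untagged IPv4; the function names and the embedded sample capture are constructed for illustration.

```python
import struct

def find_tcp_resets(pcap_bytes):
    """Return (src, sport, dst, dport) for each IPv4 TCP segment with RST set."""
    endian = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">"}.get(pcap_bytes[:4])
    if endian is None or len(pcap_bytes) < 24:
        raise ValueError("not a classic pcap file")
    if struct.unpack(endian + "I", pcap_bytes[20:24])[0] != 1:
        raise ValueError("only Ethernet (DLT_EN10MB) is handled")
    resets, off = [], 24
    while off + 16 <= len(pcap_bytes):
        caplen = struct.unpack(endian + "I", pcap_bytes[off + 8:off + 12])[0]
        frame = pcap_bytes[off + 16:off + 16 + caplen]
        off += 16 + caplen
        if len(frame) < 34 or frame[12:14] != b"\x08\x00":
            continue  # truncated, or not IPv4 (VLAN-tagged frames are skipped)
        ip = frame[14:]
        ihl = (ip[0] & 0x0F) * 4
        if ip[9] != 6 or len(ip) < ihl + 14:
            continue  # not TCP, or TCP header cut short
        if ip[ihl + 13] & 0x04:  # RST bit in the TCP flags byte
            sport, dport = struct.unpack("!HH", ip[ihl:ihl + 4])
            addr = lambda b: ".".join(map(str, b))
            resets.append((addr(ip[12:16]), sport, addr(ip[16:20]), dport))
    return resets

def _frame(src, dst, sport, dport, flags):
    """Constructed Ethernet/IPv4/TCP frame (checksums left at zero)."""
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 0x50, flags, 0, 0, 0)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 0, 0, 64, 6, 0, bytes(src), bytes(dst))
    return b"\x00" * 12 + b"\x08\x00" + ip + tcp

def build_sample_pcap():
    """Constructed capture: one data segment followed by two resets."""
    client, server = (10, 0, 0, 5), (10, 0, 0, 9)
    frames = [_frame(client, server, 40000, 80, 0x18),   # PSH+ACK
              _frame(server, client, 80, 40000, 0x14),   # RST+ACK
              _frame(client, server, 40000, 80, 0x04)]   # RST
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for f in frames:
        out += struct.pack("<IIII", 0, 0, len(f), len(f)) + f
    return out

if __name__ == "__main__":
    import sys
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_sample_pcap()
    for hit in find_tcp_resets(data):
        print("RST %s:%d -> %s:%d" % hit)
```

Run it with the path to inline-out.pcap as the only argument; no output means no reset was written to the capture.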
