Re: Snort v1.9.0 on Win2k: resp error

[Rich Adamson <radamson () routers com>]

> Snort v1.9.0 on a Win2kPro box. Runs fine, alerts logged to syslog fine,
> all is well, except...
>
> Installed the FlexResp_Release version from silicondefense and tested
> all basic functions used in the previous stripped version. Now trying
> to play with "resp:rst_snd" for the first time. Been using a basic
> telnet any->any rule for testing, which does cause proper alerts and
> syslog entries (for testing purposes).  However, the "resp:rst_snd" 
> option causes repeated:
>   PacketSendPacket failed
> error in the command line window.
>
> Anyone know whether the error is associated with snort, libpcap, or
> libnetnt.dll?
>
> I'm thinking my libpcap might be old, but don't really have a clue at
> this point.

To reply to my post...

I found the problem. The LibnetNT.dll included in the Windows
distribution is an old version and apparently does not support
the "resp:rst_snd" rule option within snort. Replacing this dll
with a newer one (v1.1.0) from www.packetfactory.net/libnet
corrected the problem.

Also, several syntax errors in the README.FLEXRESP that is
distributed. This file suggests a syntax of "resp=rst_snd",
which causes snort to barf. The correct systax is "resp:rst_snd".



-------------------------------------------------------
This sf.net email is sponsored by:ThinkGeek
Welcome to geek heaven.
http://thinkgeek.com/sf
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users