[Snort-devel] Problem with snort 1.8.1 and FlexResp
worm at ...619...
Mon Aug 20 05:31:51 EDT 2001
I have a problem with snort 1.8.1 and the FlexResp that never generate any
packet to drop offending connections.
LibNet 1.0.2a is installed, I compiled snort with --enable-flexresp, and I
have rules like this :
alert tcp 192.168.1.5/32 any -> any any (resp: rst_all; msg: "IP NOT
Options for my snort :
snort -i eth1 -Ddl /var/log/ids -h 192.168.1.0/24 -c /etc/snort/snort.conf
(running on a slack 7.1 with a kernel v2.4.4)
For information, I try Hogwash 0.1.d and it succeed to generate RST packets
and kill sessions.
Is someone else has the same problem ?
More information about the Snort-devel