[Snort-devel] Problem with snort 1.8.1 and FlexResp

Yann Saint-Jalmes worm at ...619...
Mon Aug 20 05:31:51 EDT 2001


I have a problem with snort 1.8.1 and FlexResp, which never generates any
packets to drop offending connections.

LibNet 1.0.2a is installed, I compiled snort with --enable-flexresp, and I
have rules like this:

  alert tcp 192.168.1.5/32 any -> any any (resp: rst_all; msg: "IP NOT ALLOWED";)

Options for my snort:

  snort -i eth1 -Ddl /var/log/ids -h 192.168.1.0/24 -c /etc/snort/snort.conf
  (running on a slack 7.1 with a kernel v2.4.4)

For information, I tried Hogwash 0.1.d and it succeeded in generating RST packets
and killing sessions.

Does anyone else have the same problem?





