[Snort-devel] [ snort-Bugs-461016 ] problem with react

noreply at ...12... noreply at ...12...
Sun Mar 3 18:14:02 EST 2002


Bugs item #461016, was opened at 2001-09-12 13:59
You can respond by visiting: 
http://sourceforge.net/tracker/?func=detail&atid=103357&aid=461016&group_id=3357

Category: None
Group: None
Status: Open
Resolution: None
Priority: 3
Submitted By: Nobody/Anonymous (nobody)
Assigned to: Fyodor Yarochkin (fygrave)
Summary: problem with react

Initial Comment:
I have a sentence like "alert tcp any any <>
my_host_ip_address any (content: "GET"; msg "Stop!";
react: block, msg;)"

I recive an error "Critical: SendTCP: libnet_write_ip". 

The most strange thing is that with another sentences
like "alert tcp any any <> my_host_ip_address any (
content: "GET"; resp: icmp_net;)" It works

What happend?

----------------------------------------------------------------------

Comment By: Nobody/Anonymous (nobody)
Date: 2002-02-26 04:24

Message:
Logged In: NO 

I get exactly the same result, my set up is: RedHat 7.2 on 
i386 with no update, install by rpm: libnet-1.0.2a-1snort, 
snort-1.8.3-5snort then snort-mysql+flexresp-1.8.3-5snort, 
all downloaded for www.snort.org.

The react keyword didn't work, whil resp did.

More over, the second msg, as described in user manual 
1.83, should 'include the msg option text into the blocking 
visible motice'. Anyway, I tried without the second msg but 
still failed.


----------------------------------------------------------------------

Comment By: Fyodor Yarochkin (fygrave)
Date: 2001-11-06 21:37

Message:
Logged In: YES 
user_id=60781

1. did you forget ':' after msg :) (also any reason to use
double 'msg')
2. I'd love to see output with --enable-debug (also if you
could mail us your snort.conf as-is for testing, would be
great!

----------------------------------------------------------------------

Comment By: Martin Roesch (roesch)
Date: 2001-09-27 22:44

Message:
Logged In: YES 
user_id=18573

React is still beta code.  Can you read the BUGS file and
please send us the information that we need to make an
accurate diagnosis?  Thanks.

----------------------------------------------------------------------

You can respond by visiting: 
http://sourceforge.net/tracker/?func=detail&atid=103357&aid=461016&group_id=3357




More information about the Snort-devel mailing list