[Snort-devel] Snort REACT Response

Peter Fraser pjfraser82 at ...2499...
Mon Dec 1 23:22:46 EST 2014


Hi,

Does anyone know if there are any issues with the correct stable release
and the REACT response. I cannot get it to respond with the HTML template.

Below is an email I have sent to snort user group but have not had alot of
traction.

Thanks

--------------------------------

Hi,

I have setup snort running as an IPS using NFQUEUE.

I can detect rules and run block and deny on them however I cannot seem to
get react to respond with a html page.

here is my configure command:

./configure --enable-sourcefire --enable-open-appid --enable-react
 --enable-flexrsp3

I am running Snort  2.9.7.0

my rule example is:

drop tcp any any -> any $HTTP_PORTS  (msg:"http://www.news.com.au";
content:"news.com.au"; react: msg; sid:283; rev:1;)

I have followed the docs and I am happy to accept all defaults at this
stage with regard to the response but the connection still just times out
regardless.

Any help is greatly appreciated.

Cheers
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-devel/attachments/20141202/8dc2f51b/attachment.html>


More information about the Snort-devel mailing list