[Snort-devel] Snort REACT Response

Peter Fraser pjfraser82 at ...2499...
Tue Dec 2 19:38:42 EST 2014


Hi,

Attached is my snort.conf

Thanks for the response. I will provide the complete packet captures etc. when I
get a chance to set this up this afternoon.

Cheers.

On Wed, Dec 3, 2014 at 1:47 AM, Hui cao <huica at ...3461...> wrote:

>  Hi Peter,
>
> Can you run your configuration with Dump daq and -r <pcap> in command
> line?  ( --daq dump --daq-var load-mode=read-file -Q ). You should see the
> response page in the inline-out.pcap if the snort configuration is correct.
>
> Can you provide pcap when this fails?
>
> Best,
> Hui.
>
> On 12/01/2014 11:22 PM, Peter Fraser wrote:
>
> Hi,
>
> Does anyone know if there are any issues with the correct stable release
> and the REACT response? I cannot get it to respond with the HTML template.
>
>  Below is an email I have sent to snort user group but have not had a lot
> of traction.
>
>  Thanks
>
>  --------------------------------
>
>  Hi,
>
>  I have set up snort running as an IPS using NFQUEUE.
>
>  I can detect rules and run block and deny on them; however, I cannot seem
> to get react to respond with an HTML page.
>
>  Here is my configure command:
>
>  ./configure --enable-sourcefire --enable-open-appid --enable-react
>  --enable-flexrsp3
>
>  I am running Snort  2.9.7.0
>
>  my rule example is:
>
>  drop tcp any any -> any $HTTP_PORTS  (msg:"http://www.news.com.au";
> content:"news.com.au"; react: msg; sid:283; rev:1;)
>
>  I have followed the docs and I am happy to accept all defaults at this
> stage with regard to the response but the connection still just times out
> regardless.
>
>  Any help is greatly appreciated.
>
>  Cheers
>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: snort (1).conf
Type: application/octet-stream
Size: 27298 bytes
Desc: not available
URL: <https://lists.snort.org/pipermail/snort-devel/attachments/20141203/ef7a9818/attachment.obj>
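An added example, not part of the original thread or of Snort itself: one way to confirm whether the response page Hui describes actually appears in `inline-out.pcap` after a run with `--daq dump --daq-var load-mode=read-file -Q -r <pcap>`. It assumes a classic pcap file with Ethernet link type; the helper names, addresses and sample packets are constructed for illustration.

```python
import socket
import struct

def http_responses(pcap_bytes):
    """List (src, sport, dst, dport, status_line) for TCP payloads that begin an HTTP response."""
    magic = pcap_bytes[:4]
    if magic == b"\xd4\xc3\xb2\xa1":
        endian = "<"
    elif magic == b"\xa1\xb2\xc3\xd4":
        endian = ">"
    else:
        raise ValueError("not a classic pcap file")
    if struct.unpack(endian + "I", pcap_bytes[20:24])[0] != 1:
        raise ValueError("only Ethernet (linktype 1) is handled")  # assumption of this example
    found, off = [], 24
    while off + 16 <= len(pcap_bytes):
        incl_len = struct.unpack(endian + "I", pcap_bytes[off + 8:off + 12])[0]
        frame = pcap_bytes[off + 16:off + 16 + incl_len]
        off += 16 + incl_len
        if len(frame) < 34 or frame[12:14] != b"\x08\x00":  # IPv4 only
            continue
        ip = frame[14:]
        ihl = (ip[0] & 0x0F) * 4
        tcp = ip[ihl:struct.unpack("!H", ip[2:4])[0]]
        if ip[9] != 6 or len(tcp) < 20:  # TCP only, full header present
            continue
        sport, dport = struct.unpack("!HH", tcp[:4])
        payload = tcp[(tcp[12] >> 4) * 4:]
        if payload.startswith(b"HTTP/1."):
            status = payload.split(b"\r\n", 1)[0].decode("latin-1")
            found.append((socket.inet_ntoa(ip[12:16]), sport,
                          socket.inet_ntoa(ip[16:20]), dport, status))
    return found

def build_frame(src, dst, sport, dport, payload):
    """Constructed Ethernet/IPv4/TCP frame (checksums left at zero)."""
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, 0x18, 8192, 0, 0) + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0, 0, 64, 6, 0,
                     socket.inet_aton(src), socket.inet_aton(dst))
    return b"\x00" * 12 + b"\x08\x00" + ip + tcp

def build_pcap(frames):
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    return out + b"".join(struct.pack("<IIII", 0, 0, len(f), len(f)) + f for f in frames)

# Constructed sample: a request matching the rule, then a stand-in block page.
REQUEST = build_frame("10.0.0.5", "192.0.2.10", 40000, 80,
                      b"GET / HTTP/1.1\r\nHost: www.news.com.au\r\n\r\n")
BLOCK_PAGE = build_frame("192.0.2.10", "10.0.0.5", 80, 40000,
                         b"HTTP/1.1 403 Forbidden\r\nConnection: close\r\n\r\n<html></html>")
SAMPLE = build_pcap([REQUEST, BLOCK_PAGE])
```

On a real capture, call `http_responses(open("inline-out.pcap", "rb").read())`; an empty list means no response page was written to the output file.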