[Snort-sigs] Resp Keyword in Windows XP!!

Jeff Nathan jeff at ...95...
Wed Jul 30 17:09:31 EDT 2003

Hash: SHA1

Indeed someone is. :)

I'm going to release a general beta of flexresp2 tonight.  Windows users 
will be stuck using the version of Snort I pre-compile unless they're 
comfortable building their own version with Microsoft Visual Studio.

I'll be sending it to the lists before midnight PDT.

- -Jeff

- --On Tuesday, July 29, 2003 11:56 -0400 Matt Kettler
<mkettler at ...189...> 

> At 04:18 AM 7/29/2003 -0400, jthomas at ...1718... wrote:
>> Hello,
>>   I was wondering if you could tell me why I get a Warning: Unkown
>> keyword 'resp' in rule when I activate Snort?  I am running Snort on a
>> Windows
>> XP machine for a school project.  We were asked to right a rule that
>> would detect inbound Telnet and would reset both the sender and the
>> receiver.  I am using the command line version of Snort...I believe it
>> is version 2.0.  Here is the resp section of the rule that is saved in
>> the local.rules file: (resp: rst_all; msg:"Inbound Telnet Attempt";).
>> Hopefully you can help me!!
>> Thanks For Your Time,
> The resp keyword requires a build of snort that supports the optional
> flexresp feature. At present, flexresp does not work on Windows versions,
> but I did hear that someone was working on fixing it.
> -------------------------------------------------------
> This SF.Net email sponsored by: Free pre-built ASP.NET sites including
> Data Reports, E-commerce, Portals, and Forums are available now.
> Download today and enter to win an XBOX or Visual Studio .NET.
> http://aspnet.click-url.com/go/psa00100003ave/direct;at.aspnet_072303_01/
> 01 _______________________________________________
> Snort-sigs mailing list
> Snort-sigs at lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/snort-sigs

- --
http://cerberus.sourcefire.com/~jeff       (gpg key available)
Great spirits have always encountered violent opposition from
mediocre minds.   - Albert Einstein
Version: GnuPG v1.2.2 (Darwin)


More information about the Snort-sigs mailing list