[Snort-users] Linux - FlexResp

Brian Dinello briandinello at ...125...
Tue Sep 26 15:00:17 EDT 2000


I have Snort compiled and running on a Linux 6.2 box.  When I create a rule 
to use any FlexResp option, it logs the traffic as it should, but then lets 
the traffic pass.  I configured the appropriate options during the compile.  
See the 2 examples:

log ICMP !10.83.208.41/32 any -> 10.83.208.41/32 any (msg:"ICMP request to Redhat Box"; resp: rst_all;)

log TCP any any -> 10.83.208.41/32 21 (msg:"FTP attempt from intrnal"; resp: rst_all;)


Any ideas?  Thanks in advance,

Brian Dinello
Internet Security Specialist
Allegheny Power

