[Snort-users] Linux - FlexResp
briandinello at ...125...
Tue Sep 26 15:00:17 EDT 2000
I have Snort compiled and running on a Linux 6.2 box. When I create a rule
to use any FlexResp option, it logs the traffic as it should, but then lets
the traffic pass. I configured the appropriate options during the compile.
See the 2 examples:
log ICMP !10.83.208.41/32 any -> 10.83.208.41/32 any (msg:"ICMP request to
Redhat Box"; resp: rst_all;)
log TCP any any -> 10.83.208.41/32 21 (msg:"FTP attempt from intrnal"; resp:
Any ideas? Thanks in advance,
Internet Security Specialist
Get Your Private, Free E-mail from MSN Hotmail at http://www.hotmail.com.
Share information about yourself, create your own public profile at
More information about the Snort-users