[Snort-users] Win2K Advanced Server problems

John Girvin john.girvin at ...1795...
Wed Apr 11 10:40:24 EDT 2001


Hi,

I've got snort-1.7-win32-FlexRESP-static installed on a Win2K Advanced
Server box set up as follows:
  - Win2K Advanced Server + SP1 + latest patches
  - Exchange 2000
  - Terminal Services in Remote Admin mode
  - Two NICs, NETGEAR FA-311

Im having some problems getting the resp: rule option to work.
I'm using the following simple (test) ruleset to drop port 25
connections:

-----8<----------------------
preprocessor defrag
alert tcp any any -> $EXT_IP 25  (msg: "smtp connection"; resp: rst_all; )
----->8----------------------

When I run snort it initialises OK and seems to capture packets as you
would expect. However when a port 25 packet comes in, I get lots of the
following message:
	PacketSendPacket failed 

When I quit snort it complains as follows:
	pcap_loop: read error: PacketReceivePacket failed
	pcap_stats: PacketGetStats error

Any ideas or suggestions as to whats broken?

Thanks,
/John





More information about the Snort-users mailing list