[Snort-users] Win2K Advanced Server problems

Burleson, Lee (IA) Lee.Burleson at ...1358...
Wed Apr 11 11:29:36 EDT 2001


John -

You are not alone.

I have not seen resolution to this problem yet.  Michael Davis is head of
the Snort Win32 port.  I have seen threads relating to troubles with this
functionality on *nix as well, so maybe it has general problems.

- Lee

> -----Original Message-----
> From: John Girvin [mailto:john.girvin at ...1795...]
> Sent: Wednesday, April 11, 2001 9:40 AM
> To: snort-users at lists.sourceforge.net
> Subject: [Snort-users] Win2K Advanced Server problems
> 
> 
> Hi,
> 
> I've got snort-1.7-win32-FlexRESP-static installed on a Win2K Advanced
> Server box set up as follows:
>   - Win2K Advanced Server + SP1 + latest patches
>   - Exchange 2000
>   - Terminal Services in Remote Admin mode
>   - Two NICs, NETGEAR FA-311
> 
> Im having some problems getting the resp: rule option to work.
> I'm using the following simple (test) ruleset to drop port 25
> connections:
> 
> -----8<----------------------
> preprocessor defrag
> alert tcp any any -> $EXT_IP 25  (msg: "smtp connection"; 
> resp: rst_all; )
> ----->8----------------------
> 
> When I run snort it initialises OK and seems to capture packets as you
> would expect. However when a port 25 packet comes in, I get 
> lots of the
> following message:
> 	PacketSendPacket failed 
> 
> When I quit snort it complains as follows:
> 	pcap_loop: read error: PacketReceivePacket failed
> 	pcap_stats: PacketGetStats error
> 
> Any ideas or suggestions as to whats broken?
> 
> Thanks,
> /John
> 
> 
> _______________________________________________
> Snort-users mailing list
> Snort-users at lists.sourceforge.net
> Go to this URL to change user options or unsubscribe:
> http://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://www.geocrawler.com/redir-sf.php3?list=snort-users
> 




More information about the Snort-users mailing list