[Snort-users] blocking packets with snort 1.7

Martin Roesch roesch at ...421...
Fri Jan 26 11:01:55 EST 2001


Did you set --enable-flexresp when you ran 'configure'?  If not, run
'make distclean && ./configure --enable-flexresp && make' in the snort
source directory and try again.

    -Marty

Robert Grabowsky wrote:
> 
> I would like to deny the downloading of a massive file from a web server
> on my network.  I have tried the following rule without success.  In fact,
> when I add the "resp: rst_all;" rule option snort will not even start
> up.  It's my understanding that this option will send TCP_RST packets in
> both directions.
> 
> alert tcp $EXTERNAL_NET any -> a.b.c.d 80 (msg:"Massive file
> download";flags:PA; content:".exe"; nocase; resp: rst_all;)
> 
> Any help would be truely appreciated.
> 
> Bob
> 
> _______________________________________________
> Snort-users mailing list
> Snort-users at lists.sourceforge.net
> Go to this URL to change user options or unsubscribe:
> http://lists.sourceforge.net/lists/listinfo/snort-users

--
Martin Roesch
roesch at ...421...
http://www.snort.org




More information about the Snort-users mailing list