[Snort-users] Re: [Snort-devel] Urgent (hopefully not dumb) question: resp:(onses) on which device?

Chris Green cmg at ...671...
Sun Nov 11 09:21:05 EST 2001


"Chr. v. Stuckrad" <stucki at ...3882...> writes:

> Hi!
>
> I'm in a hurry to create 'responses' to kill incoming ssh-connections
> to some openssh-1.* vulnerable hosts where I have no root-access to,
> but snort is reading on eth1 an not-writable mirror-port of an router.
> I geht no visible responses on the 'normal' interface eth0, so I fear
> the responses are on the wrong device (or not generated at all?) ?
>
> Stucki
>
> PS.: I definitely compiled 1.8.2 WITH --enable-flexresponse on my LINUX
>      end the rule logs correctly, but so far never 'responds'.

Flexresp is broken in 1.8.2.  Please grab the CVS checkout if you need
to use it. It shouldn't be too long before a official release that
fixes this is done.
-- 
Chris Green <cmg at ...671...>
This is my signature. There are many like it but this one is mine.




More information about the Snort-users mailing list