[Snort-users] flexresp

Erik Wienberg ew at ...3904...
Thu Oct 25 05:32:22 EDT 2001


Hi,
I am running a RedHat 7.1 Linux - snort Version 1.8.1-RELEASE (Build 74).
After configuring --enable-flexresp I tried to add the following, more or less 
based on an example from the FAQ:

/* in snort.conf */
ruletype redalert
{
  type alert
  output alert_syslog: LOG_LOCAL2
}

/* in local.rules */
redalert tcp any any  -> any any (msg:"REDRUM REDRUM"; 
content:"redalerttest"; resp: rst_all)

When I trigger the alert, it gets logged just fine but the offending session 
does not get RST. Nor is there any sign of a RST-packet in my network dumps.

Various snips from configure and make:
running /bin/sh ./configure  --enable-flexresp --no-create --no-recursion

gcc -DHAVE_CONFIG_H -I. -I. -I. -I/usr/include/pcap  -DENABLE_SSL 
-I/usr/include  -g -O2 -Wall -DENABLE_RESPONSE -D_BSD_SOURCE -D__BSD_SOURCE 
-D__FAVOR_BSD -DHAVE_NET_ETHERNET_H -DLIBNET_LIL_ENDIAN -c snort.c

Can anybody help me? Thank you in advance.

all the best .... Erik



