[Snort-users] FLEXRESP Problems
Markus.Ulrich at ...3608...
Wed Sep 26 05:57:01 EDT 2001
I want to use snort to reset a TCP connection if an alert occurs. So I
used libnet (1.0.2.a) to compile snort (1.8.1) with flexresp enabled
(Linux Slackware Kernel 2.4.10).
A typical rule I used is:
alert tcp any 23 -> $NET any (msg:"TEST - TCP RST"; content: "gulu"; nocase; resp: rst_all;)
This works fine, at least the logging, but the connection breaks down
only 2 of 50 times. Have I made a mistake?
Is there any other way to do this?
I'm thankful for any help!