[Snort-users] Flex Resp Problems

Owen Creger OCreger at ...6622...
Wed Aug 14 19:51:03 EDT 2002


Running on RH 7.2
I have installed the RPM's:
snort-1.8.7-1snort
snort-mysql+flexresp-1.8.7-1snort

I want to change the rule:
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-IIS
cmd.exe access"; flags:A+; content:"cmd.exe"; nocase;
classtype:web-application-attack; sid:1002;  rev:5;)

to:
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-IIS
cmd.exe access"; resp:rst_all; flags:A+; content:"cmd.exe"; nocase;
classtype:web-application-attack; sid:1002;  rev:5;)

When I restart Snort I get the error:
FATAL ERROR: ERROR: cannot open raw socket for libnet, exiting... 
I have perl-libnet-1.0703-6 installed.

What am I missing?
Do I need a different version of Libnet?

Owen C. Creger CCNA, CISSP
Info. Sec. Administrator
Creative Solutions, a Thomson Company.
7322 Newman Blvd.
Dexter, MI  48130
email: ocreger at ...6620...
ph: 734-426-5860 ex. 3787
fax: 734-426-5946
cell: 734-223-6270


Owen C. Creger CCNA, CISSP
Info. Sec. Administrator
Creative Solutions, a Thomson Company.
7322 Newman Blvd.
Dexter, MI  48130
email: ocreger at ...6620...
ph: 734-426-5860 ex. 3787
fax: 734-426-5946
cell: 734-223-6270





More information about the Snort-users mailing list