[Snort-users] Flex Resp Problems

Jeff Nathan jeff at ...950...
Wed Aug 14 23:48:04 EDT 2002


No.

You need to be running snort as root to open a raw socket within your 
running OS.

-Jeff

--On Wednesday, August 14, 2002 22:49:56 -0400 Owen Creger 
<OCreger at ...6622...> wrote:

> Running on RH 7.2
> I have installed the RPMs:
> snort-1.8.7-1snort
> snort-mysql+flexresp-1.8.7-1snort
>
> I want to change the rule:
> alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-IIS cmd.exe access"; flags:A+; content:"cmd.exe"; nocase; classtype:web-application-attack; sid:1002;  rev:5;)
>
> to:
> alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-IIS cmd.exe access"; resp:rst_all; flags:A+; content:"cmd.exe"; nocase; classtype:web-application-attack; sid:1002;  rev:5;)
>
> When I restart Snort I get the error:
> FATAL ERROR: ERROR: cannot open raw socket for libnet, exiting...
> I have perl-libnet-1.0703-6 installed.
>
> What am I missing?
> Do I need a different version of Libnet?
>
> Owen C. Creger CCNA, CISSP
> Info. Sec. Administrator
> Creative Solutions, a Thomson Company.
> 7322 Newman Blvd.
> Dexter, MI  48130
> email: ocreger at ...6620...
> ph: 734-426-5860 ex. 3787
> fax: 734-426-5946
> cell: 734-223-6270


--
http://www.snort.org/~jeff       (pgp key available)
"Great spirits have always encountered violent opposition from mediocre
minds."
- Albert Einstein
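
An added example, not part of the original thread and not Snort's own code: a Python preflight check that lists the active rules in a rules file that use `resp:` and tests whether the current process can open a raw socket, the operation that fails in the error quoted above. Apart from the sid 1002 rule taken from the post, the sample rules, the function names and the option tokenizer are assumptions made for illustration.

```python
import re
import socket

# One rule option: runs of plain chars, escaped chars, or a whole quoted string.
OPTION = re.compile(r'(?:[^;"\\]|\\.|"(?:[^"\\]|\\.)*")+')

# Constructed sample rules file. The first rule is the modified rule from the
# post; the other three are made up to exercise the parser.
SAMPLE_RULES = r'''
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS \
(msg:"WEB-IIS cmd.exe access"; resp:rst_all; flags:A+; content:"cmd.exe"; \
nocase; classtype:web-application-attack; sid:1002; rev:5;)
alert tcp any any -> any 80 (msg:"no response keyword"; sid:1000001;)
# alert tcp any any -> any 80 (msg:"disabled"; resp:rst_all; sid:1000002;)
alert tcp any any -> any 80 (msg:"text; resp:rst_all; in msg"; sid:1000003;)
'''

def rules_using_resp(text):
    """Return [(sid, [resp modifiers])] for active rules with a resp option."""
    found = []
    for line in text.replace("\\\n", " ").splitlines():  # join continuations
        m = re.match(r"[^#(][^(]*\((.*)\)\s*$", line.strip())
        if not m:
            continue  # blank line, comment, or not a rule
        opts = dict(o.strip().partition(":")[::2]
                    for o in OPTION.findall(m.group(1)))
        if "resp" in opts:
            mods = [x.strip() for x in opts["resp"].split(",")]
            found.append((opts.get("sid", "?").strip(), mods))
    return found

def can_open_raw_socket():
    """Attempt the operation named in the fatal error: open a raw socket."""
    try:
        socket.socket(socket.AF_INET, socket.SOCK_RAW, socket.IPPROTO_RAW).close()
        return True
    except OSError:  # PermissionError when the process is not privileged
        return False

def preflight(text, raw_ok):
    """SIDs whose resp option cannot work without a raw socket."""
    return [] if raw_ok else [sid for sid, _ in rules_using_resp(text)]

if __name__ == "__main__":
    for sid in preflight(SAMPLE_RULES, can_open_raw_socket()):
        print(f"sid {sid}: resp needs a raw socket; start Snort as root")
```
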