[Snort-users] Resp: and react: don't work on w2k and XP ?

Troll Troll at ...6647...
Mon Aug 19 17:10:07 EDT 2002


Thank you Matt Kettler
that is working now snort knows about resp:
but know the next problem will be occured
An error will be send to me and snort dieing every time
AppName: snort.exe AppVer: 0.0.0.0 ModName: packet.dll
ModVer: 3.0.0.13 Offset: 00001d7d

and I don't know if its right but my Task-Manager shows me several new
Programms (don't know realy couse winpcap or snort)
phfqk.exe , snixmb.exe, phcop.exe ... some more

but back to my dieing snort couse failure in packet.dll
don't know its raely an failure in snort or in winpcap or in my rules

alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"file-finder outa
there1a"; flags: A+; content:"file-"; nocase; classtype:string-detect;
sid:2000000; rev:1; resp: rst_all; )

is one of my rules .. they shoud block packets that contains 'file-'
I startet snort with the snort panal witch set folloing to start snort
E:\Snort\snort.exe -l "E:\Snort\log" -c "E:\Snort\edonkey.rules" -P
500 -a -e -o -d -A full

can some one tell me if its realy an failure in packet.dll or if its me or
is it XP ?
my choice of installing snort for win32 is know only flexresp

greetz Troll


----- Original Message -----
From: "Matt Kettler" <mkettler at ...4108...>
To: "Troll" <Troll at ...6645...>; <snort-users at ...382...>
Sent: Monday, August 19, 2002 9:15 PM
Subject: Re: [Snort-users] Resp: and react: don't work on w2k and XP ?


> You really don't want to have all the boxes checked.. Pick ONE.
>
> It would appear that what checking all of them does is installs multiple
> snort.exe files, one on top of the other.. The one you wind up with is the
> last in the list, which doesn't have flexresp support.
>
> The snort w/flexresp only .exe file is 307,200 bytes from the
> snort-1.8.7-win32.exe installer.
>
>
>
>
> At 09:08 PM 8/19/2002 +0200, Troll wrote:
> >Hi
> >
> >Thats my Problem I get the pre compiled Version binarie for win32 version
> >1.8.7-win32.exe
> >At the INstallation I made custom installation and flexsep and all other
> >choices are marked. (made a full installation)
> >Thats why I'm wondering
> >I'm using XP prof. and winpcap 3.0 alpha
>
>
>
> -------------------------------------------------------
> This sf.net email is sponsored by: OSDN - Tired of that same old
> cell phone?  Get a new here for FREE!
> https://www.inphonic.com/r.asp?r=sourceforge1&refcode1=vs3390
> _______________________________________________
> Snort-users mailing list
> Snort-users at lists.sourceforge.net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://www.geocrawler.com/redir-sf.php3?list=snort-users
>





More information about the Snort-users mailing list