[Snort-users] Snort+flexresp

skill2die4 skill2die4 at ...131...
Wed Mar 13 06:55:05 EST 2002


I was working on flexREsp in my lab and the set-up was : 

----------               ----------
-  compA - +++++++++++++ -  compB -
----------               ----------

+++ = crossover

compA = running snort
compB = testing machine

So, in my case even though FLEXRESP might be installed 
properly; it wasn't replying to packets with a RST packet (as per
the rules that I created) due to time frame given to snort to create the
packet(as per my understanding now...thanks to ROEL)


1. Was it was because the compA replied before snort could craft the
reply packet?

2. Even if so, I should have seen at least a single RST(even though with
delayed sequence number) packet ?

3. Since I didn't saw even a single RST packet over the network, should
I ASSume that the problem lies with my installation or rulesets ?

4. How can I create network DELAYS in the Lab environment?



Do You Yahoo!?
Get your free @yahoo.com address at http://mail.yahoo.com

More information about the Snort-users mailing list