[Snort-users] Snort+flexresp

skill2die4 skill2die4 at ...131...
Wed Mar 13 06:55:05 EST 2002


Hi:

I was working on flexREsp in my lab and the set-up was : 

----------               ----------
-  compA - +++++++++++++ -  compB -
----------               ----------

+++ = crossover

compA = running snort
compB = testing machine


So, in my case even though FLEXRESP might be installed 
properly; it wasn't replying to packets with a RST packet (as per
the rules that I created) due to time frame given to snort to create the
packet(as per my understanding now...thanks to ROEL)


Questions:
----------

1. Was it was because the compA replied before snort could craft the
reply packet?

2. Even if so, I should have seen at least a single RST(even though with
delayed sequence number) packet ?

3. Since I didn't saw even a single RST packet over the network, should
I ASSume that the problem lies with my installation or rulesets ?

4. How can I create network DELAYS in the Lab environment?
[** MOST IMPORTANT **]



Thanks!


Skill2die4


_________________________________________________________
Do You Yahoo!?
Get your free @yahoo.com address at http://mail.yahoo.com





More information about the Snort-users mailing list