[Snort-users] Problem with "Established" keyword

Ryan Russell ryan at ...182...
Wed Dec 17 12:14:01 EST 2003


I did find the discussion about this in October, but I could find no 
real solution in that discussion.

I just did a fresh install of Snort 2.0.5 on OpenBSD 3.4.  Just a simple 
configure; make; make install, and copies the rules and config files to 
a directory, and started Snort from there.

It appears that none of the rules with established will fire.  If I take 
that keyword out of the rule, it works fine.

Was there some change to Snort that borke this, or is some preprocessor 
not hadling it properly?

				Ryan





More information about the Snort-users mailing list