[Snort-users] Flexresp2 installation and configuration Problem

RAJNEEL DHOTRE rajneel_d at ...125...
Thu Dec 25 02:13:01 EST 2003

Thanks Matt... i am new to snort ... i am running Snort 2.0.4 ... does it 
support ?

I have downloaded snort-flexresp2-prepatched.tgz  ....


>From: Matt Kettler <mkettler at ...4108...>
>To: "RAJNEEL DHOTRE" <rajneel_d at ...125...>,   
>snort-users at lists.sourceforge.net
>Subject: Re: [Snort-users] Flexresp2 installation and configuration  
>Date: Tue, 23 Dec 2003 10:44:39 -0500
>At 06:53 AM 12/23/2003, RAJNEEL DHOTRE wrote:
>>I have download and installed Flexresp2 and libnet.  I have also add the 
>>resp:reset in icmp rules.
>Um.. what do you think a resp:reset going to do to an icmp message?
>resp:reset ONLY works for TCP.. it does NOT work for icmp, or udp. It can't 
>work for icmp or udp.. It doesn't even make sense to try.
>UDP and ICMP are stateless.. It is impossible to reset (or desynchronize) 
>the connection, because there is no connection.
>In the case of UDP and ICMP, your best bet is icmp_host, but bear in mind 
>an attacker WILL ignore them.
>Disclaimer about reliability:
>Resp:reset can be probably evaded by a sophisticated attacker with enough 
>tries, but icmp_host can be evaded by an amateur... however, it's your only 
>option for stateless stuff... It is still better than nothing, but 
>flexresp2 is not replacement for a firewall. Use it as a supplement, but 
>keep your firewalls properly configured as your first defense.
>>ERROR: Unknown config directive: config flexresp2_interface:eth0
>>Fatal Error, Quitting..
>Did you download a precompiled binary, or source code? the above message 
>snounds like you're running a version of snort that does not support 
>This SF.net email is sponsored by: IBM Linux Tutorials.
>Become an expert in LINUX or just sharpen your skills.  Sign up for IBM's
>Free Linux Tutorials.  Learn everything from the bash shell to sys admin.
>Click now! http://ads.osdn.com/?ad_id=1278&alloc_id=3371&op=click
>Snort-users mailing list
>Snort-users at lists.sourceforge.net
>Go to this URL to change user options or unsubscribe:
>Snort-users list archive:

Free transactions in any ATM across India. 
http://server1.msn.co.in/msnleads/suvidha/dec03.asp?type=hottag Click here.

More information about the Snort-users mailing list