[Snort-users] Flexresp2 installation and configuration Problem
rajneel_d at ...125...
Thu Dec 25 02:13:01 EST 2003
Thanks Matt... i am new to snort ... i am running Snort 2.0.4 ... does it
I have downloaded snort-flexresp2-prepatched.tgz ....
>From: Matt Kettler <mkettler at ...4108...>
>To: "RAJNEEL DHOTRE" <rajneel_d at ...125...>,
>snort-users at lists.sourceforge.net
>Subject: Re: [Snort-users] Flexresp2 installation and configuration
>Date: Tue, 23 Dec 2003 10:44:39 -0500
>At 06:53 AM 12/23/2003, RAJNEEL DHOTRE wrote:
>>I have download and installed Flexresp2 and libnet. I have also add the
>>resp:reset in icmp rules.
>Um.. what do you think a resp:reset going to do to an icmp message?
>resp:reset ONLY works for TCP.. it does NOT work for icmp, or udp. It can't
>work for icmp or udp.. It doesn't even make sense to try.
>UDP and ICMP are stateless.. It is impossible to reset (or desynchronize)
>the connection, because there is no connection.
>In the case of UDP and ICMP, your best bet is icmp_host, but bear in mind
>an attacker WILL ignore them.
>Disclaimer about reliability:
>Resp:reset can be probably evaded by a sophisticated attacker with enough
>tries, but icmp_host can be evaded by an amateur... however, it's your only
>option for stateless stuff... It is still better than nothing, but
>flexresp2 is not replacement for a firewall. Use it as a supplement, but
>keep your firewalls properly configured as your first defense.
>>ERROR: Unknown config directive: config flexresp2_interface:eth0
>>Fatal Error, Quitting..
>Did you download a precompiled binary, or source code? the above message
>snounds like you're running a version of snort that does not support
>This SF.net email is sponsored by: IBM Linux Tutorials.
>Become an expert in LINUX or just sharpen your skills. Sign up for IBM's
>Free Linux Tutorials. Learn everything from the bash shell to sys admin.
>Click now! http://ads.osdn.com/?ad_id=1278&alloc_id=3371&op=click
>Snort-users mailing list
>Snort-users at lists.sourceforge.net
>Go to this URL to change user options or unsubscribe:
>Snort-users list archive:
Free transactions in any ATM across India.
http://server1.msn.co.in/msnleads/suvidha/dec03.asp?type=hottag Click here.
More information about the Snort-users