[Snort-users] Anybody using the react keyword in 2.1?
dgianndrea at ...4357...
Wed Dec 31 05:16:00 EST 2003
Im playing with a rule that uses the react keyword.
alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"PORN
www.bobblers.com"; content:"bobblers.com"; nocase;
flow:to_client,established; react: block, msg;)
It works, however the web client does not display the
message that is in sp_react.c. I did confirm that the
packet that contains message contained in sp_react.c
reaches the users workstation using Ethereal.
Maybe it is an html thing as both Netscape 7.1, and IE 6
don't display it. Netscape 7.1 does bring up a dialog
box that states " The document contains no data"
Senior Network Engineer
Comsquared Systems, Inc.
Email: dgianndrea at ...4357...
More information about the Snort-users