[Snort-users] FlexResp (Not working?)

Carlos Kumbak ckumbak at ...1331...
Tue Jan 21 22:16:02 EST 2003


I need a help from you guys...

I'm using:
-Snort 1.9 (--enable-flexresp)
-Libpcap 0.7.1
-Libnet 1.0.2a

Some time ago (the older snort versions) It was possible
to abort connections using flexresp... Let's say that
I'm running snort with the following rule (that works

alert tcp any any -> any 25

Snort started without problems...

Now... from another computer I try:

telnet gateway 25
Trying XX.XX.XX.XX...
Connected to gateway
Escape character is '^]'.
220 gateway (experimental box) ESMTP

Then I type:
test123 <enter>
500 5.5.1 Command unrecognized: "test123"

Snort identifies the content but didn't droped the
Jan 22 02:05:08 gateway snort: [1:0:0] test <eth0> {TCP}

I remember that this rule works before... I used
flexresp lot... but now I'm losing my mind to try
understand what is wrong.

Please... may someone help?

Best regards.
Carlos Kumbak
ckumbak at ...1331...

E-mail Premium BOL
Antivírus, anti-spam e até 100 MB de espaço. Assine já!

More information about the Snort-users mailing list