[Snort-users] Flexible Response
kongi at ...10560...
Fri Nov 14 14:02:19 EST 2003
On Fri, Nov 14, 2003 at 01:40:05PM -0500, snort wrote:
> This version is statically compiled with flexible response
> I rpm -qip snort-2.0.4 and it states that flexible response is
> compiled into the package,
> but when I create a rule and use the resp keyword I get the below
> I have also tried to use the react option and I get the same error.
> Warning: /etc/snort/rules/icmp.rules(44) => Unknown keyword 'resp'
> in rule!
> Warning: /etc/snort/rules/icmp.rules(44) => Unknown keyword 'react' in rule!
if U user fles_resp (1) - U must, define in config (example):
# reset sender
var RESP_TCP resp:rst_snd;
var RESP_TCP2 resp:rst_rcv;
var RESP_TCP_URG resp:rst_all;
#var RESP_UDP resp:icmp_port,icmp_host;
var RESP_UDP resp:icmp_host;
or, if U user fles_resp2, U must configure --fles_resp2 (not
documented in configure --help)
I thing, U use rules contrib - where define fles_resp2
More information about the Snort-users