[Snort-users] flexresp - I have 2 stupid questions

Rich Stryker rstryker at ...7794...
Wed Nov 26 12:24:06 EST 2003


I have the libnetNT.dll in the winnt\system32 directory. I have pinged the servers that flexresp should be monitoring but I still get a response when i think I should be getting dropped packets.

does flexresp write a log somewhere that I can see if it is loading properly or functioning properly or reading packets properly but is unable to respond to?

-----Original Message-----
From: Matt Kettler [mailto:mkettler at ...4108...]
Sent: Wednesday, November 26, 2003 11:57
To: Rich Stryker; snort-users at lists.sourceforge.net
Subject: Re: [Snort-users] flexresp - I have 2 stupid questions


At 10:26 AM 11/26/2003, Rich Stryker wrote:
>*       If I have unbound TCP/IP on the outside NIC where I have set 
>flexresp, I have set the rules to send ICMP null responses, will flexresp 
>actually work?

It should... flexresp uses libnet to generate the packets and does not rely 
on the local tcp/ip stack.

>*       How do you know if flexresp is working?

Um.. test it?






More information about the Snort-users mailing list