[Snort-users] Error on new Rule

Ron Jenkins rjenkins at ...12829...
Wed Mar 16 06:19:06 EST 2005

On the below new rule, I added the react:block for the FlexResp feature
of snort.  


alert udp $HOME_NET any -> $EXTERNAL_NET 41170 (msg:"P2P Manolito Search
Query"; content:"|01 02 00 14|"; offset:16; depth:4;
reference:url,www.blubster.com; reference:url,openlito.sourceforge.net;
react:block; classtype:policy-violation; sid:3459; rev:2;)


I get the below error:


ERROR: Line /etc/snort/local.rules(28): TCP Options on non-TCP rule

Fatal Error, Quitting..


Does FlexResp only work on TCP rules and not UDP?





Ron Jenkins (MCNE, CNE6, MCP, CCNA, CCEA) 
Senior Architect 
Data Integrity, LLC 
"We Integrate People with Solutions" 
1724 Dallas Drive 
Suite 11 
Baton Rouge, La 70806 
Office. 225.927.8030 
Fax. 225.927.8033 
Email. rjenkins at ...12829... 
Web. www.dibr.net 


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20050316/f40894f3/attachment.html>

More information about the Snort-users mailing list