[Snort-users] Error on new Rule
krisselada at ...1150...
Wed Mar 16 06:44:58 EST 2005
As udp protocol is stateless, I don't know how this would be implemented
From: snort-users-admin at lists.sourceforge.net
[mailto:snort-users-admin at lists.sourceforge.net] On Behalf Of Ron Jenkins
Sent: Wednesday, March 16, 2005 6:33 AM
To: Joel Esler
Subject: RE: [Snort-users] Error on new Rule
Does Snort's FlexResp have an option to work with UDP?
From: Joel Esler [mailto:eslerj at ...11827...]
Sent: Wednesday, March 16, 2005 8:35 AM
To: Ron Jenkins
Subject: Re: [Snort-users] Error on new Rule
Flexresp works by sending a RST 'flagged' packet in the middle of a
conversation to abruptly terminate a conversation in the middle of it.
(if you need more explanation i will be glad to help), since udp does
not have packet flags, this is impossible.
BASE Project Lead
On Mar 16, 2005, at 09:12, Ron Jenkins wrote:
> On the below new rule, I added the react:block for the FlexResp
> feature of snort.
> alert udp $HOME_NET any -> $EXTERNAL_NET 41170 (msg:"P2P Manolito
> Search Query"; content:"|01 02 00 14|"; offset:16; depth:4;
> reference:url,openlito.sourceforge.net; react:block;
> classtype:policy-violation; sid:3459; rev:2;)
> I get the below error:
> ERROR: Line /etc/snort/local.rules(28): TCP Options on non-TCP rule
> Fatal Error, Quitting..
> Does FlexResp only work on TCP rules and not UDP?
> Ron Jenkins (MCNE, CNE6, MCP, CCNA, CCEA)
> Senior Architect
> Data Integrity, LLC
> "We Integrate People with Solutions"
> 1724 Dallas Drive
> Suite 11
> Baton Rouge, La 70806
> Office. 225.927.8030
> Fax. 225.927.8033
> Email. rjenkins at ...12829...
> Web. www.dibr.net
SF email is sponsored by - The IT Product Guide
Read honest & candid reviews on hundreds of IT Products from real users.
Discover which products truly live up to the hype. Start reading now.
Snort-users mailing list
Snort-users at lists.sourceforge.net
Go to this URL to change user options or unsubscribe:
Snort-users list archive:
More information about the Snort-users