[Snort-users] React: block

Pachulski, Keith KPachulski at ...222...
Mon Jun 25 15:38:51 EDT 2007


Per snort documentation, --enable-flexresp enables reactive
functionality. Page 92 of the most recent documentation.

-----Original Message-----
From: snort-users-bounces at lists.sourceforge.net
[mailto:snort-users-bounces at lists.sourceforge.net] On Behalf Of Zakai
Kinan
Sent: Monday, June 25, 2007 2:37 PM
To: Snort Users
Subject: Re: [Snort-users] React: block


Where is the --enable-react?  It has depencies as
well.

ZK


--- "Pachulski, Keith" <KPachulski at ...222...>
wrote:

> Snort was compiled with --enable-gre,
> --enable-aruba, and
> --enable-flexresp
> 
> # snort -V
> 
>    ,,_     -*> Snort! <*-
>   o"  )~   Version 2.6.1.5 (Build 59)  
>    ''''    By Martin Roesch & The Snort Team:
> http://www.snort.org/team.html
>            (C) Copyright 1998-2007 Sourcefire Inc.,
> et al.
> 
> # uname -av
> Linux monitor 2.6.9-42.0.10.EL #1 Tue Feb 27
> 09:24:42 EST 2007 i686 i686
> i386 GNU/Linux
> 
> When I try to run snort with the react: block
> 
> I get the following error
> 
> snort[6099]: FATAL ERROR:
> /home/snort/local.rules(8): SnortSnprintf
> failed
> 
> alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"PORN anal
> sex"; content:"anal sex"; nocase;
> flow:to_client,established;
> classtype:kickass-porn; sid:1317; rev:5; react:
> block;)
> 
> So what am I doing wrong =)
> 
>
------------------------------------------------------------------------
-
> This SF.net email is sponsored by DB2 Express
> Download DB2 Express C - the FREE version of DB2
> express and take
> control of your XML. No limits. Just data. Click to
> get it now.
> http://sourceforge.net/powerbar/db2/
> _______________________________________________
> Snort-users mailing list
> Snort-users at lists.sourceforge.net
> Go to this URL to change user options or
> unsubscribe:
>
https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
>
http://www.geocrawler.com/redir-sf.php3?list=snort-users
> 



       
________________________________________________________________________
____________
Yahoo! oneSearch: Finally, mobile search 
that gives answers, not web links. 
http://mobile.yahoo.com/mobileweb/onesearch?refer=1ONXIC

------------------------------------------------------------------------
-
This SF.net email is sponsored by DB2 Express
Download DB2 Express C - the FREE version of DB2 express and take
control of your XML. No limits. Just data. Click to get it now.
http://sourceforge.net/powerbar/db2/
_______________________________________________
Snort-users mailing list
Snort-users at lists.sourceforge.net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users




More information about the Snort-users mailing list