[Snort-users] React: block

Zakai Kinan titanyen2000 at ...131...
Mon Jun 25 15:45:07 EDT 2007


If you do a ./configure --help you will see a separate
and distinct --enable-react.  Flexible response2 has
nothing to do with react.

ZK


--- "Pachulski, Keith" <KPachulski at ...222...>
wrote:

> Per snort documentation, --enable-flexresp enables
> reactive
> functionality. Page 92 of the most recent
> documentation.
> 
> -----Original Message-----
> From: snort-users-bounces at lists.sourceforge.net
> [mailto:snort-users-bounces at lists.sourceforge.net]
> On Behalf Of Zakai
> Kinan
> Sent: Monday, June 25, 2007 2:37 PM
> To: Snort Users
> Subject: Re: [Snort-users] React: block
> 
> 
> Where is the --enable-react?  It has depencies as
> well.
> 
> ZK
> 
> 
> --- "Pachulski, Keith" <KPachulski at ...222...>
> wrote:
> 
> > Snort was compiled with --enable-gre,
> > --enable-aruba, and
> > --enable-flexresp
> > 
> > # snort -V
> > 
> >    ,,_     -*> Snort! <*-
> >   o"  )~   Version 2.6.1.5 (Build 59)  
> >    ''''    By Martin Roesch & The Snort Team:
> > http://www.snort.org/team.html
> >            (C) Copyright 1998-2007 Sourcefire
> Inc.,
> > et al.
> > 
> > # uname -av
> > Linux monitor 2.6.9-42.0.10.EL #1 Tue Feb 27
> > 09:24:42 EST 2007 i686 i686
> > i386 GNU/Linux
> > 
> > When I try to run snort with the react: block
> > 
> > I get the following error
> > 
> > snort[6099]: FATAL ERROR:
> > /home/snort/local.rules(8): SnortSnprintf
> > failed
> > 
> > alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET
> any (msg:"PORN anal
> > sex"; content:"anal sex"; nocase;
> > flow:to_client,established;
> > classtype:kickass-porn; sid:1317; rev:5; react:
> > block;)
> > 
> > So what am I doing wrong =)
> > 
> >
>
------------------------------------------------------------------------
> -
> > This SF.net email is sponsored by DB2 Express
> > Download DB2 Express C - the FREE version of DB2
> > express and take
> > control of your XML. No limits. Just data. Click
> to
> > get it now.
> > http://sourceforge.net/powerbar/db2/
> > _______________________________________________
> > Snort-users mailing list
> > Snort-users at lists.sourceforge.net
> > Go to this URL to change user options or
> > unsubscribe:
> >
>
https://lists.sourceforge.net/lists/listinfo/snort-users
> > Snort-users list archive:
> >
>
http://www.geocrawler.com/redir-sf.php3?list=snort-users
> > 
> 
> 
> 
>        
>
________________________________________________________________________
> ____________
> Yahoo! oneSearch: Finally, mobile search 
> that gives answers, not web links. 
>
http://mobile.yahoo.com/mobileweb/onesearch?refer=1ONXIC
> 
>
------------------------------------------------------------------------
> -
> This SF.net email is sponsored by DB2 Express
> Download DB2 Express C - the FREE version of DB2
> express and take
> control of your XML. No limits. Just data. Click to
> get it now.
> http://sourceforge.net/powerbar/db2/
> _______________________________________________
> Snort-users mailing list
> Snort-users at lists.sourceforge.net
> Go to this URL to change user options or
> unsubscribe:
>
https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
>
http://www.geocrawler.com/redir-sf.php3?list=snort-users
> 



 
____________________________________________________________________________________
Sucker-punch spam with award-winning protection. 
Try the free Yahoo! Mail Beta.
http://advision.webevents.yahoo.com/mailbeta/features_spam.html




More information about the Snort-users mailing list