[Snort-users] problem with Flexresp3

Russ Combs rcombs at ...1935...
Thu Oct 7 08:43:06 EDT 2010


On Thu, Oct 7, 2010 at 2:13 AM, Tica <ticagugino at ...11827...> wrote:

> Hello all,
>
> I'm using snort 2.9.0 but something is wrong... Flexresp is not working as
> it should. Snort detection is ok, but flexresp don't send the response
> packs... I already tried several different configurations without success...
> I'm using the parameter resp:rst_all;
>

Can you test this in readback mode with a pcap?  If so, run snort with --daq
dump and examine the inline-out.pcap file it produces to see if the response
is in there.  Let me know and we can go from there.

>
> This is the enviroment I'm using snort: libdnet libdnet-1.12,
> libcap-1.1.1, daq-0.2, kernel 2.6.35.7-smp, Slackware 13.0.
> This is the config options I used to build snort:
>
>  ./configure --prefix=/usr \
> --sysconfdir=/etc \
> --sharedstatedir=/var \
> --enable-zlib \
> --enable-targetbased \
> --enable-decoder-preprocessor-rules \
> --enable-perfprofiling \
> --enable-gre \
> --enable-mpls \
> --enable-linux-smp-stats \
> --enable-ppm \
> --enable-normalizer \
> --enable-react \
> --enable-active-response \
> --enable-flexresp3 \
> --enable-sourcefire \
> --enable-dynamicplugin \
> --enable-pthread \
> --enable-reload
>
> Any help will be really appreciated!
>
> Thanks in advance!!!
>
> --
> Tica ;-)
>
>
>
> ------------------------------------------------------------------------------
> Beautiful is writing same markup. Internet Explorer 9 supports
> standards for HTML5, CSS3, SVG 1.1,  ECMAScript5, and DOM L2 & L3.
> Spend less time writing and  rewriting code and more time creating great
> experiences on the web. Be a part of the beta today.
> http://p.sf.net/sfu/beautyoftheweb
> _______________________________________________
> Snort-users mailing list
> Snort-users at lists.sourceforge.net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://www.geocrawler.com/redir-sf.php3?list=snort-users
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20101007/e8dc0615/attachment.html>


More information about the Snort-users mailing list