[Snort-users] active response

amin Salehi seyedamin_salehi at ...131...
Mon Jul 29 06:57:17 EDT 2013






Hi. I edited snort.conf as described in the snort-2.9.5 manual.

I wrote a rule in local.rules:
alert tcp 10.10.9.40 any -> x.x.x.x 80 (msg:"site visited";resp:rst_snd;sid:1000000;)


I start snort like this:
snort -q -c /etc/snort/snort.conf -A console

But when I enter the target URL in the browser, nothing happens and I can see the home page of the target site. Why doesn't active response work?