[Snort-users] Problems configuring react: msg;

Hui Cao (huica) huica at ...589...
Wed Nov 26 08:48:38 EST 2014


Hi Fraser,

Can you provide the configuration? Also the command line to run snort.

Best,
Hui.

From: Peter Fraser <pjfraser82 at ...11827...<mailto:pjfraser82 at ...11827...>>
Date: Tuesday, November 25, 2014 at 10:43 PM
To: "snort-users at lists.sourceforge.net<mailto:snort-users at ...5870....net>" <snort-users at lists.sourceforge.net<mailto:snort-users at ...2987...rge.net>>
Subject: [Snort-users] Problems configuring react: msg;

Hi,

I have setup snort running as an IPS using NFQUEUE.

I can detect rules and run block and deny on them however I cannot seem to get react to respond with a html page.

here is my configure command:

./configure --enable-sourcefire --enable-open-appid --enable-react --enable-flexrsp3

I am running Snort  2.9.7.0

my rule example is:

drop tcp any any -> any $HTTP_PORTS  (msg:"http://www.news.com.au"; content:"news.com.au<http://news.com.au>"; react: msg; sid:283; rev:1;)

I have followed the docs and I am happy to accept all defaults at this stage with regard to the response but the connection still just times out regardless.

Any help is greatly appreciated.

Cheers

Fraser


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20141126/9484fbe8/attachment.html>


More information about the Snort-users mailing list