Re: [Snort-users] win32 snort (resp + react)
From: Jeff Nathan (jeff snort.org)
Date: Mon Jul 07 2003 - 03:18:59 CDT
I'm not sure if Jon was talking about the code I sent out specifically to
the list of people testing the new code.
Thanks for responding in any case, Rich.
Let me be 100% clear. Jon, if you are testing the new code, please respond
directly to the list of testers and myself rather than this list.
-Jeff
--On Sunday, July 6, 2003 13:13 -0600 Rich Adamson <radamson routers.com> wrote:
> Jon,
>
>> I'm attempting 2 simple rules as a test (on win32 port):
>>
>> alert tcp $HOME any -> any 80 (msg: "Port 80"; resp: rst_snd;)
>> alert tcp $HOME any -> any 81 (msg: "Port 81"; react: block;)
>>
>> The first one tells me that resp is a bad keyword.
>
> The Win32 executable that Jeff sent all of us for testing had a bug
> in it that kept "resp:" from being recognized as a keyword. After he
> corrected that, I also noticed the keyword had no impact (e.g., rst_snd
> was not sent).
>
>> The second actually can have block, warn, msg ... but on an outgoing
>> connection nothing really happens. I'm expecting snort to kill the
>> connection and not allow a request through (but the laptop still gets the
>> content).
>>
>> Am I missing something?
>
> Not missing a thing. Jeff was going to debug the code this weekend. If
> his weekend is/was as busy as mine, it will probably be a few days
> before we hear anything.
>
> Rich
--
http://cerberus.sourcefire.com/~jeff (gpg key available)
Great spirits have always encountered violent opposition from mediocre
minds.
- Albert Einstein