RE: [Snort-users] flexresp - I have 2 stupid questions

I have the libnetNT.dll in the winnt\system32 directory. I have pinged =
the servers that flexresp should be monitoring but I still get a =
response when i think I should be getting dropped packets.

does flexresp write a log somewhere that I can see if it is loading =
properly or functioning properly or reading packets properly but is =
unable to respond to?

-----Original Message-----
From: Matt Kettler [mailto:mkettler@evi-inc.com]
Sent: Wednesday, November 26, 2003 11:57
To: Rich Stryker; snort-users@lists.sourceforge.net
Subject: Re: [Snort-users] flexresp - I have 2 stupid questions


At 10:26 AM 11/26/2003, Rich Stryker wrote:
>* If I have unbound TCP/IP on the outside NIC where I have set=20
>flexresp, I have set the rules to send ICMP null responses, will =
flexresp=20
>actually work?

It should... flexresp uses libnet to generate the packets and does not =
rely=20
on the local tcp/ip stack.

>* How do you know if flexresp is working?

Um.. test it?




-------------------------------------------------------
This SF.net email is sponsored by: SF.net Giveback Program.
Does SourceForge.net help you be more productive? Does it
help you create better code? SHARE THE LOVE, and help us help
YOU! Click Here: http://sourceforge.net/donate/
_______________________________________________
Snort-users mailing list
Snort-users@lists.sourceforge.net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/...fo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.p...st=snort-users