[Snort-users] Why resp and session option Dont work!?
This is a discussion on [Snort-users] Why resp and session option Dont work!? within the Snort forums, part of the System Security and Security Related category; Hello well, i asked before but nobody asnwered.. and when i try to do this rule that looks and is ...
|
|||||||
| FAQ | Members List | Calendar | Search | Today's Posts | Mark Forums Read |
01-28-2004
|
|||
|
|||
[Snort-users] Why resp and session option Dont work!?
Hello well, i asked before but nobody asnwered..
and when i try to do this rule that looks and is almost equals to some default ones that are in *.rules when i add the option of session in the logs, doesnt Capture all the session of the atacker.. WHY ??? alert tcp any any -> $HOME_NET 22 (msg: "Alguien se loguio por ssh checa los logs!"; session:printable;) and the other thing is, that if RESP really works ??? i have been testing it, and i cant disconnect or reset the TCP conection of some user that matched the rule.. what happend :S?? thanks in advance i will really apreaciate from mexico __________________________________________________ _______ Do You Yahoo!? La mejor conexión a internet y 25MB extra a tu correo por $100 al mes. http://net.yahoo.com.mx ------------------------------------------------------- The SF.Net email is sponsored by EclipseCon 2004 Premiere Conference on Open Tools Development and Integration See the breadth of Eclipse activity. February 3-5 in Anaheim, CA. http://www.eclipsecon.org/osdn _______________________________________________ Snort-users mailing list Snort-users@lists.sourceforge.net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/...fo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.p...st=snort-users 
|
Linear Mode
