[Snort-users] Flexresp problems
This is a discussion on [Snort-users] Flexresp problems within the Snort forums, part of the System Security and Security Related category; I've installed with Flexresp and when I try to add react:block; to a rule I get the message ...
|
|||||||
| FAQ | Members List | Calendar | Search | Today's Posts | Mark Forums Read |
02-19-2008
|
|||
|
|||
[Snort-users] Flexresp problems
I've installed with Flexresp and when I try to add react:block; to a rule I get the message below, any ideas please anyone?
FATAL ERROR: Warning: /etc/snort/rules/local.rules(1) => Unknown keyword ' react' in rule! The rule syntax looks OK to me and I've used this before without a problem. I'm running snort 2.8.0.1 on Cent OS 5. The rule looks like this: alert tcp $HOME_NET any -> $EXTERNAL_NET 8888 (msg:"P2P napster login"; flow:to_server,established; content:"|00 02 00|"; depth:3; offset:1; classtype:policy-violation; sid:549; rev:8; react:block;) Also with Flexresp in which file do you put your variables i.e: # just stop the offender var RESP_TCP resp:rst_snd; I get the same error when I put this in snort.conf and replace react:block; with $RESP_TCP in my rules. I also get the same error with resp:rst_snd; in the rules. Any help would be appreciated, thanks! Rob Ward Network Northwest Support University of Liverpool Computing Services Department ------------------------------------------------------------------------- This SF.net email is sponsored by: Microsoft Defy all challenges. Microsoft(R) Visual Studio 2008. http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/ _______________________________________________ Snort-users mailing list Snort-users@lists.sourceforge.net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/...fo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.p...st=snort-users 
|
Linear Mode
