Is anyone succesfully running Snort with the FlexResp on a windows platform. I have tried the binary from www.silicondefense.com However it produces an error related to the LbNetNT file, which according to the release notes is supposed to be included in that distribution. I have tried upgrading WinPCAP to the latest version but this did not make the error go away. If I use the same package without Flex Resp, it works fine. I am logging to MySQL which also affects which binary you choose. This was with the 1.8.3 image. Having just visited the site I see there is a new version with more information about how to install Libnet manually, I will have to give this a try. Anyone have ideas on how to make it work with 1.8.3?
Ken Claussen MCSE CCNA CCA "In Theory it should work as you describe, but the difference between theory and reality is the truth! For this we all strive" -----Original Message----- From: Daniel Crichton [mailto:[EMAIL PROTECTED]] Sent: Wednesday, April 10, 2002 11:04 AM To: Clifford Thurber Cc: [EMAIL PROTECTED] Subject: Re: PIX 515 On 10 Apr 2002 at 10:53, Clifford Thurber wrote: > I would like to know how you are using Snort to close or deny ports? The > last I checked Snort was an IDS used for logging and alerting? Take a look at the "react" rule option ( http://www.snort.org/docs/writing_rules/chap2.html#tth_sEc2.3.24 ) >From that page: "The Flex Resp code allows Snort to actively close offending connections and/or send a visible notice to the browser (warn modifier available soon)." Currently only appears to support the "block" argument which AFAIK will respond to the packets as if the destination had closed the connection (I haven't actually tried this yet as I run Snort on Win32 and the version I'm using doesn't support this, I really must upgrade it). Dan --- D.C. Crichton email: [EMAIL PROTECTED] Senior Systems Analyst tel: +44 (0)121 706 6000 Computer Manuals Ltd. fax: +44 (0)121 606 0477 Computer book info on the web: http://computer-manuals.co.uk/ Want to earn money? Join our affiliate network! http://computer-manuals.co.uk/affiliate/ _______________________________________________ Firewalls mailing list [EMAIL PROTECTED] http://lists.gnac.net/mailman/listinfo/firewalls _______________________________________________ Firewalls mailing list [EMAIL PROTECTED] http://lists.gnac.net/mailman/listinfo/firewalls
