Honeypots mailing list archives
snort-inline - resetting the "counter"
From: <kathya6200 () yahoo com>
Date: 18 Apr 2003 11:05:28 -0000
I am using snort-inline as an IPS, and have snort, snort-inline and IPtables running on one machine,thanks to Rob's help. It is successfully blocking traffic. However, ever after stopping, restarting, and rebooting machine, I cannot get it to STOP blocking packets! I have it set to block after 20 icmp, udp and tcp packets outbound. After I finally got it to work, it pinged 20 times, then blocked. Now, after resetting, I ping 3 times successfully, then it starts blocking. My burst is set to 5 (outbound only?). Any suggestions? Do I have to reload the ip_queue module? Who/what is actually doing the packet counting?
Current thread:
- snort-inline - resetting the "counter" kathya6200 (Apr 18)