Snort mailing list archives
RE: Packet drop functionality with snort
From: "Bob McDowell" <bmcdowell () coxhealthplans com>
Date: Tue, 11 Mar 2003 11:52:16 -0600
That it does. I use it and love it. Two things to point out though:

1) The offending packet makes it through. There isn't any kind of a 'drop'. It's rather like your girlfriend's dad listening in on your phone calls. All he can do at the time is make you hang up...

2) You can find yourself in a loop when snort sends a reset which triggers a rule which sends a reset which triggers a rule which sends a reset which triggers a rule which sends a reset, etc. This will basically fill your logs in less than a second. If it were a 'drop', we wouldn't really have to deal with this condition.

So, as always, test your ruleset.

-----Original Message-----
From: snort-users-admin () lists sourceforge net [mailto:snort-users-admin () lists sourceforge net] On Behalf Of L. Christopher Luther
Sent: Tuesday, March 11, 2003 10:43 AM
To: 'rajat khatri'
Cc: Snort-Users (E-mail)
Subject: RE: [Snort-users] Packet drop functionality with snort

One word: flexresp. I've not used this functionality but I understand that it will allow Snort to send RST packets (or something like this) to an offending IP.

- Christopher

-----Original Message-----
From: rajat khatri [mailto:rajat_40 () yahoo com hk]
Sent: Tuesday, March 11, 2003 10:58 AM
To: snort-users () lists sourceforge net
Subject: [Snort-users] Packet drop functionality with snort

Hi all,

I am using snort for the purpose it is meant to serve (IDS). I would like to know how snort can be configured or used to drop packets. My setup comprises 5 machines connected via a hub, with snort installed on one of the boxes. I am running low on time and would like to add this vital functionality most definitely, so any ideas or comments on the same idea would be most appreciated.

regards,
rajat
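Added example, not part of the original messages and not Snort code: a small Python model of the two behaviours described in the reply above, a reset-sending sensor that cannot stop the first packet and that can re-trigger on its own resets. It assumes the sensor sees the resets it injects (as on a shared hub); `Pkt`, `run_sensor`, both rule functions, the addresses and the alert cap are hypothetical names and values constructed for illustration.

```python
"""Model of a passive sensor that answers rule matches with TCP resets."""
from collections import deque
from dataclasses import dataclass


@dataclass(frozen=True)
class Pkt:
    src: str
    dst: str
    sport: int
    dport: int
    flags: str              # TCP flag letters, e.g. "PA" or "R"
    injected: bool = False  # True for resets the sensor itself sent


def port_only_rule(p: Pkt) -> bool:
    # Matches every TCP segment to port 23, resets included.
    return p.dport == 23


def no_rst_rule(p: Pkt) -> bool:
    # Same rule, but skipping segments with RST set
    # (what the Snort rule option flags:!R; expresses).
    return p.dport == 23 and "R" not in p.flags


def run_sensor(first: Pkt, rule, cap: int = 1000):
    """Return (alert_count, frames_delivered) for one offending packet."""
    wire = deque([first])
    delivered, alerts = [], 0
    while wire and alerts < cap:      # cap stands in for "until the log fills"
        p = wire.popleft()
        delivered.append(p)           # passive sensor: the frame is already delivered
        if rule(p):
            alerts += 1
            # Reset both ends of the connection, as a reset-both response does.
            wire.append(Pkt(p.src, p.dst, p.sport, p.dport, "R", True))
            wire.append(Pkt(p.dst, p.src, p.dport, p.sport, "R", True))
    return alerts, delivered


# Constructed sample: one telnet segment from a client to a server.
OFFENDER = Pkt("10.0.0.5", "10.0.0.9", 40000, 23, "PA")

if __name__ == "__main__":
    for rule in (port_only_rule, no_rst_rule):
        alerts, delivered = run_sensor(OFFENDER, rule)
        print(rule.__name__, "alerts:", alerts,
              "offender delivered first:", delivered[0] is OFFENDER)
```

In both runs the offending segment is delivered before any reset exists; only the rule that ignores RST segments stops after a single alert.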
Current thread:
- Packet drop functionality with snort rajat khatri (Mar 11)
- Re: Packet drop functionality with snort Alberto Gonzalez (Mar 11)
- <Possible follow-ups>
- RE: Packet drop functionality with snort L. Christopher Luther (Mar 11)
- RE: Packet drop functionality with snort Slighter, Tim (Mar 11)
- RE: Packet drop functionality with snort Bob McDowell (Mar 11)