Snort mailing list archives

Previous By Date Next
Previous By Thread Next

divert socket odd behaviour

From: Sandro guly Zaccarini <guly () luv guly org>
Date: Mon, 22 Feb 2010 22:14:36 +0100
hello, i was talkin with a friend today who is writing divert
socket code for openbsd and he uses snort as target daemon. he
experience odd behaviour, using the one line configuration:
drop tcp any any -> any any

the first syn packet of the tcp connection pass the filter and
the syn-ack is dropped. snort 2.8.5.3 configured with --enable-inline,
runt with -vJ $port. snort_inline 2.6 works perfect as he gets even
the syn dropped. 

does anybody got 2.8.5.x working inline, even on freebsd, using divert
sockets?

sz
-- 
  /"\   taste your favourite IT consultant
  \ /   gpg public key http://www.guly.org/guly.asc
   X    
  / \   


------------------------------------------------------------------------------
Download Intel&#174; Parallel Studio Eval
Try the new software tools for yourself. Speed compiling, find bugs
proactively, and fine-tune applications for parallel performance.
See why Intel Parallel Studio got high marks during beta.
http://p.sf.net/sfu/intel-sw-dev
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
Previous By Date Next
Previous By Thread Next

Current thread: