Snort mailing list archives
Re: disabling sniping
From: "Al Lewis (allewi) via Snort-users" <snort-users () lists snort org>
Date: Fri, 3 May 2019 13:45:36 +0000
Reject should send the reset/icmp unreachable. Drop shouldn’t.

08:51:53.939581 IP 10.5.32.125.143 > 10.4.15.120.46590: Flags [R.], seq 9779, ack 311, win 0, length 0
08:51:53.939581 IP 10.4.15.120.46590 > 10.5.32.125.143: Flags [R.], seq 311, ack 9779, win 0, length 0

With the reject keyword I see the resets above. With drop there is nothing in the capture.

Use “--daq dump” to see the traffic. A file named “inline-out.pcap” should be generated.

From: Snort-users <snort-users-bounces () lists snort org> on behalf of "Graham Bartlett (grbartle) via Snort-users" <snort-users () lists snort org>
Reply-To: "Graham Bartlett (grbartle)" <grbartle () cisco com>
Date: Friday, May 3, 2019 at 9:27 AM
To: "snort-users () lists snort org" <snort-users () lists snort org>
Subject: [Snort-users] disabling sniping

Hi

I have set up snort in inline mode. It’s working as planned, but I would like the snort to silently discard dropped traffic, rather than sending an ICMP unreachable.

Is there a method to do this?

I looked at sniping and setting the reply number to 0, but this didn’t seem possible.

<att> ::= (1..20)

Many thanks
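
Added example, not part of the original thread: a small checker that reads tcpdump text output (for instance from `tcpdump -nr inline-out.pcap`) and reports the two signs of an active response discussed above, TCP resets sourced from both endpoints of one connection and ICMP unreachable packets. The function name and every sample line after the first two are constructed for illustration.

```python
import re
from collections import defaultdict

# tcpdump's default one-line TCP format, as in the capture quoted in the reply.
TCP_LINE = re.compile(
    r"^\S+ IP (\d+\.\d+\.\d+\.\d+)\.(\d+) > (\d+\.\d+\.\d+\.\d+)\.(\d+): "
    r"Flags \[([^\]]+)\]"
)

def find_active_responses(lines):
    """Return (connections with RSTs from both endpoints, ICMP unreachable count)."""
    rst_sources = defaultdict(set)
    icmp_unreachable = 0
    for line in lines:
        line = line.strip()
        if " ICMP " in line and "unreachable" in line:
            icmp_unreachable += 1
            continue
        m = TCP_LINE.match(line)
        if not m or "R" not in m.group(5):
            continue
        src = (m.group(1), int(m.group(2)))
        dst = (m.group(3), int(m.group(4)))
        # Direction-independent key so both halves of a flow land together.
        rst_sources[tuple(sorted((src, dst)))].add(src)
    # One RST from one side is ordinary TCP; a RST sourced from each side
    # is the pattern in the reject capture.
    both = sorted(c for c, srcs in rst_sources.items() if len(srcs) == 2)
    return both, icmp_unreachable

# First two lines are the capture from the reply; the rest are constructed.
SAMPLE = """\
08:51:53.939581 IP 10.5.32.125.143 > 10.4.15.120.46590: Flags [R.], seq 9779, ack 311, win 0, length 0
08:51:53.939581 IP 10.4.15.120.46590 > 10.5.32.125.143: Flags [R.], seq 311, ack 9779, win 0, length 0
08:52:10.100000 IP 10.4.15.120.46592 > 10.5.32.125.143: Flags [S], seq 100, win 29200, length 0
08:52:11.100000 IP 10.4.15.120.46592 > 10.5.32.125.143: Flags [S], seq 100, win 29200, length 0
08:52:30.200000 IP 10.5.32.125.8080 > 10.4.15.120.46600: Flags [R.], seq 0, ack 1, win 0, length 0
""".splitlines()

if __name__ == "__main__":
    flows, icmp = find_active_responses(SAMPLE)
    for a, b in flows:
        print(f"RST in both directions: {a[0]}:{a[1]} <-> {b[0]}:{b[1]}")
    print(f"ICMP unreachable packets: {icmp}")
```

An empty result on a capture taken while a drop rule is firing matches the "nothing in the capture" behaviour described in the reply.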