[Snort-sigs] snort-inline and config detection: search-method
feofil at ...2420...
Fri Oct 27 18:12:41 EDT 2006
For several search-methods, including the defaults, snort compiled
with inline does not drop in certain cases and in other cases does not
alert. It is not consistent across different search methods either.
snort 184.108.40.206 (with --enable-inline)
config detection: search-method ac-std
drop any any -> any any (msg:"does not drop"; content:"12345";
threshold: type both, track by_src, count 3, seconds 30;)
Different search methods seem to treat dropping all differently. Can
anyone describe what the idea is here and why the different search
methods are causing problems for inline? Or should I visit the
snort-inline mailing lists?