[Snort-users] Can i discard a packet when a match accure

Fyodor fygrave at ...121...
Sat Aug 12 11:09:58 EDT 2000


~ :
~ :I would like to know if there is a way to DISCARD or DROP a packet if there
~ :is a match. i am not talking about flexresp.
~ :

Discard packet? Hardly.. remember when you are running snort you are
mostly passive listener of the network traffic, most that you can do is to
modify routing tables to prevent further attempts (which is quite
dangerous BTW), but anyway by the time you would make those changes the
packet which triggered an action would usually be delivered to its target.


Discarding packets is what firewalls are usually good for :-)





More information about the Snort-users mailing list