[Snort-users] Snort+flexresp

Roelof JT Jonkman roel at ...47...
Wed Mar 13 07:44:09 EST 2002


Sonika,

> Thanks for this detailed explanation. Does this indicate that in every (WAN)
> case where the delay is more, the possibility of the RST packet, generated by snort,
> reaching the other end increases? That is, if the no. of hops is more, it is more
> likely that snort terminates the connection.
Yes, that would be correct to assume.

> But in any case it is not
> guaranteed!..
Yes, it would probably be accurate to say that 9 out of 10 times it works in a WAN
situation. (Somewhere during 1.8.3 Marty changed a bunch of the flexible
response code around so it prebuilds the RST packets; that did it quite
a bit of good.)

		roel





