[Snort-users] Re: TCP Resets
flynngn at ...6811...
Sat Feb 28 21:13:03 EST 2004
One more consideration. If you're running something inline
and you drop a packet, you have to consider the effects on
the overlying application.
For example, an SMTP server sending a virus in the middle of
a set of messages may queue up messages behind the failed
Not only that, if worm activity is heavy you better drop
the server connection after you drop the packet. Doing
otherwise does bad things due to a bunch of half-open
connections on the receiving server. I speak from a
bad experience on that one. :)
As someone told me on another list, that is the price one pays
when one tries to address an application problem at the
More information about the Snort-users