G Ramon Gomez
gene at ...13522...
Wed Dec 7 08:01:03 EST 2005
With regard to this particular issue, one thing that caught me when I
started using RSTs was that the packets get sent using the routing
table. In my case I had a stealth bridging firewall that I had set up
with flexresp, but found that, although Snort was listening on br0 (eth1
+ eth2, no IPs assigned), RST packets were being emitted on eth0 (my
management interface, where my only IP was assigned). As a result, my
stateful firewalls on the management network were dropping the packets.
Double-check that the RSTs are being sent out the interface you think
they're going out through.
Patrick Walsh wrote:
> Also, are there any known bugs with connection resets? I think the
> reset packets may not be getting sent to both ends of the connection or
> else might not have the proper source port set.
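
The check suggested in the post can be scripted. The following is an added example, not part of the original message or of Snort: it reads a routing table in Linux `/proc/net/route` format and reports which interface a reset to a given destination would leave through. The sample table and addresses are constructed, the function names are hypothetical, and the sketch assumes IPv4, the main routing table only (no policy routing), and the little-endian hex encoding used on x86.

```python
import ipaddress
import socket
import struct

# Constructed sample mirroring the post: eth0 (management) holds the only IP,
# br0 has no address and therefore contributes no routes at all.
SAMPLE_ROUTES = """\
Iface\tDestination\tGateway\tFlags\tRefCnt\tUse\tMetric\tMask\tMTU\tWindow\tIRTT
eth0\t00000000\t0100000A\t0003\t0\t0\t0\t00000000\t0\t0\t0
eth0\t0000000A\t00000000\t0001\t0\t0\t0\t00FFFFFF\t0\t0\t0
"""

RTF_UP = 0x0001  # route is usable


def _addr(hexword):
    """Decode one little-endian hex word from /proc/net/route to dotted quad."""
    return socket.inet_ntoa(struct.pack("<I", int(hexword, 16)))


def parse_routes(text):
    """Return (iface, network, metric) for every route that is up."""
    routes = []
    for line in text.splitlines()[1:]:  # skip the header row
        f = line.split()
        if len(f) < 8 or not int(f[3], 16) & RTF_UP:
            continue
        prefix = bin(int(f[7], 16)).count("1")  # bit count is byte-order independent
        net = ipaddress.ip_network(f"{_addr(f[1])}/{prefix}")
        routes.append((f[0], net, int(f[6])))
    return routes


def egress_interface(dst, routes):
    """Longest-prefix match, ties broken by lowest metric; None if unroutable."""
    ip = ipaddress.ip_address(dst)
    hits = [r for r in routes if ip in r[1]]
    if not hits:
        return None
    return min(hits, key=lambda r: (-r[1].prefixlen, r[2]))[0]


def check_reset_path(dst, sniff_iface, routes):
    """Return (egress interface, whether it is the interface Snort listens on)."""
    out = egress_interface(dst, routes)
    return out, out == sniff_iface


if __name__ == "__main__":
    routes = parse_routes(SAMPLE_ROUTES)
    for dst in ("192.0.2.10", "10.0.0.55"):  # constructed connection endpoints
        out, ok = check_reset_path(dst, "br0", routes)
        print(f"RST to {dst}: leaves via {out}; same as sniffing interface br0: {ok}")
```

On a live sensor, pass the contents of `/proc/net/route` to `parse_routes` and check both endpoints of a connection that should be reset.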