[Snort-users] Sticky-drop

Patrick Walsh pwalsh at ...13543...
Wed Dec 7 15:34:04 EST 2005


> > 	Any thoughts on how I can get my hands on or learn more about
> > sticky-drop?
> I think you are talking about sdrop?

	I'm familiar with sdrop.  My question is in response to this post from
Will earlier today:

> sticky-drop in snort-inline can do this.  You could probably
> accomplish the same thing with Snortsam In InlineMode(); but I haven't
> tried it.

	By which I assume that sticky-drop drops the connection and also drops
future connections from the target IP.

	And then there's this posting by Will from 3/30/05:

> The IPS functionality drops or rejects individual packets, unless you 
> are using the sticky-drop preprocessor from snort_inline-2.3.0-RC1 and
> tell it otherwise.

	I did find some related preprocessor files in the
snort_inline-2.3.0-RC1 tree, but those files don't exist in the 2.4.3
tree, nor can I find any documentation on exactly what they do or how to
make use of them...

	Anyone know what this is about or if it works or is supported
somewhere?

-- 
Patrick Walsh
eSoft Incorporated
303.444.1600 x3350
http://www.esoft.com/