pwalsh at ...13543...
Wed Dec 7 15:34:04 EST 2005
> > Any thoughts on how I can get my hands on or learn more about
> > sticky-drop?
> I think you are talking about sdrop?
I'm familiar with sdrop. My question is in response to this post from
Will earlier today:
> sticky-drop in snort-inline can do this. You could probably
> accomplish the same thing with Snortsam In InlineMode(); but I haven't
> tried it.
By which I assume that sticky-drop drops the connection and also drops
future connections from the target IP.
And then there's this posting by Will from 3/30/05:
> The IPS functionality drops or rejects individual packets, unless you
> are using the sticky-drop preprocessor from snort_inline-2.3.0-RC1 and
> tell it otherwise.
I did find some related preprocessor files in the
snort_inline-2.3.0-RC1 tree, but those files don't exist in the 2.4.3
tree, nor can I find any documentation on exactly what they do or how to
make use of them...
Anyone know what this is about or if it works or is supported?