[Snort-users] why old libnet?
mkettler at ...4108...
Mon Mar 28 12:43:57 EST 2005
Joshua Berry wrote:
>Probably because it has support for using reject as well as drop, alert
>and log. The reject keyword allows you to reset the connection rather
>than just drop it.
Yeah, I was looking at the code and you are correct. I guess I
(incorrectly) assumed it somehow used the netfilter reject target to
generate the packets. Instead snort generates them itself.
More information about the Snort-users