[Snort-users] why old libnet?

Matt Kettler mkettler at ...4108...
Mon Mar 28 12:43:57 EST 2005


Joshua Berry wrote:

>Probably because it has support for using reject as well as drop, alert
>and log.  The reject keyword allows you to reset the connection rather
>than just drop it.
>

Yeah, I was looking at the code and you are correct. I guess I
(incorrectly) assumed it somehow used the netfilter reject target to
generate the packets. Instead, Snort generates them itself.



