[Snort-users] divert socket odd behaviour
Sandro guly Zaccarini
guly at ...14592...
Mon Feb 22 16:14:36 EST 2010
hello, i was talking with a friend today who is writing divert
socket code for openbsd and he uses snort as target daemon. he
experiences odd behaviour, using the one line configuration:

drop tcp any any -> any any

the first syn packet of the tcp connection passes the filter and
the syn-ack is dropped. snort 188.8.131.52 configured with --enable-inline,
run with -vJ $port. snort_inline 2.6 works perfectly, as he gets even
the syn dropped.
has anybody got 2.8.5.x working inline, even on freebsd, using divert
/"\ taste your favourite IT consultant
\ / gpg public key http://www.guly.org/guly.asc