[Snort-users] divert socket odd behaviour

Sandro guly Zaccarini guly at ...14592...
Mon Feb 22 16:14:36 EST 2010


hello, i was talking with a friend today who is writing divert
socket code for openbsd and he uses snort as target daemon. he
experiences odd behaviour, using the one line configuration:
drop tcp any any -> any any

the first syn packet of the tcp connection passes the filter and
the syn-ack is dropped. snort 2.8.5.3 configured with --enable-inline,
run with -vJ $port. snort_inline 2.6 works perfectly as he gets even
the syn dropped.

has anybody got 2.8.5.x working inline, even on freebsd, using divert
sockets?

sz
-- 
  /"\   taste your favourite IT consultant
  \ /   gpg public key http://www.guly.org/guly.asc
   X    
  / \   




