[Snort-users] Newbie question: reject rule for IPv6

JJ Cummings cummingsj at ...11827...
Sat Dec 10 10:46:29 EST 2011


What does your iptables look like and what is your snort startup command line? Also, use drop, not reject.

Sent from the iRoad

On Dec 9, 2011, at 5:48, K b <urbestfriend at ...11827...> wrote:

> Hello,
> 
> A newbie here and I was trying to set up snort inline with NFQ for IPv6
> services.  Just for testing I have added the following reject rule.
> 
> reject tcp any any -> any 80 (classtype:attempted-user;
> msg:"Snort_test"; content:"snort-test"; sid:9000001; rev:1;)
> 
> Now if I send traffic with the above content, I see that alerts are
> getting generated but this request is not being reset as expected.
> 
> I am running snort 2.9.1.2, my snort.conf is unchanged. What am I doing wrong?
> 
> Have a good day.
> 
> Thanks and regards,
> Kumar
> 



