[Snort-users] snort inline (non-drop mode) br0

Lawrence R. Hughes, Sr. lhughes at ...14822...
Tue Feb 1 12:59:58 EST 2011


We use snort inline in the non-drop mode and our sensor is listens on br0.
Could it be that we detect the 3whs (session) with stream5, but don't detect when the session has ended, thus giving us a high rate of open sessions?

If this is the case, then what interface would be better to use eth0 or eth1 (currently both eth0 & eth1 are configed to give us br0) ?

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20110201/6b24c460/attachment.html>

More information about the Snort-users mailing list