[Snort-users] Drop action behaves as if it's Reject action

sky rongo kkrot185 at ...11827...
Sun Nov 16 22:03:00 EST 2014


Hi, all.
I use Snort-2.9.5.6 as IPS.

I set two rules for testing.
drop icmp any any -> any any (msg:"ICMP Test"; sid:1000001; rev:1; )
drop tcp any any -> HOME_NET 22 (msg:"tcp"; sid:1000003; )

When I sent a ping request to the IPS from another host, the IPS returned
"Destination Port Unreachable".

When I try to connect to the IPS by ssh, the IPS returns a RST,ACK packet and
the session is broken.

I want Snort to only drop the packet. What should I do?