[Snort-users] Difference between drop and reject rules

Mark Greenman mark.greenman.014 at ...11827...
Sun Feb 8 05:22:24 EST 2015


The configuration file, the rules and a pcap file captured at the
client side are attached to the email.
Thanks

On 2/7/15, Joel Esler (jesler) <jesler at ...589...> wrote:
> Drop shouldn't send anything.  So if you are seeing this, we need your
> configuration, rules, and a pcap.
>
> --
> Joel Esler
> Sent from my iPhone
>
> On Feb 7, 2015, at 8:29 AM, Mark Greenman
> <mark.greenman.014 at ...11827...<mailto:mark.greenman.014 at ...11827...>> wrote:
>
> Hi. Do you know why both drop and reject rules work exactly the same. The
> manual says that drop rules must not sent RST packets but they do? Does
> anyone know the reason?
>
> Thanks
> ------------------------------------------------------------------------------
> Dive into the World of Parallel Programming. The Go Parallel Website,
> sponsored by Intel and developed in partnership with Slashdot Media, is
> your
> hub for all things parallel software development, from weekly thought
> leadership blogs to news, videos, case studies, tutorials and more. Take a
> look and join the conversation now. http://goparallel.sourceforge.net/
> _______________________________________________
> Snort-users mailing list
> Snort-users at lists.sourceforge.net<mailto:Snort-users at lists.sourceforge.net>
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users
>
> Please visit http://blog.snort.org to stay current on all the latest Snort
> news!
>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: local.rules
Type: application/octet-stream
Size: 1100 bytes
Desc: not available
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20150208/6203c37b/attachment.obj>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: snort.conf
Type: application/octet-stream
Size: 26770 bytes
Desc: not available
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20150208/6203c37b/attachment-0001.obj>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: test.pcap
Type: application/octet-stream
Size: 1208 bytes
Desc: not available
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20150208/6203c37b/attachment-0002.obj>


More information about the Snort-users mailing list