Thu Nov 23 16:36:19 EST 2017
>> Is it possible to drop a packet when a rule is matched ?
>> (like HogWash)
Since you mention Hogwash, I'm assuming that you want to discard the backet.
Send it to the bit bucket, /dev/null, whatever. AFAIK, you can't discard the
packet with a snort rule. You can pass, alert, log, and flexresp from rules.
The closest thing that I can think of would be to use flexresp to send a RST
or FIN in reply to the offending packet.
If this isn't what your're looking for, correct me!
More information about the Snort-users