[Snort-users] Not able to configure min_response_seconds to 5sec

Ajay Khadpe khadpeajay797 at gmail.com
Thu Sep 28 07:16:26 EDT 2017


We have snort working fine.
Configuration for preprocessor stream5_global is as follow :

# Target-Based stateful inspection/stream reassembly.  For more inforation,
see README.stream5
preprocessor stream5_global: track_tcp yes, \
   track_udp yes, \
   track_icmp no, \
   max_tcp 262144, \
   max_udp 131072, \
   max_active_responses 2, \
   min_response_seconds 5

As per value of *max_active_responses* and *min_response_seconds*, Snort
will send 2 reset responses if particular signature traffic found more than
5 seconds.
But I found that snort sends reset packets for each packet for all drop
rule( drop tcp any any -> any any ).

I want to set Snort configuration such a way that it will send reset
responses after 5 seconds.

Thanks & Regards
 Khadpe Ajay
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20170928/28eae8a9/attachment.html>

More information about the Snort-users mailing list