[Snort-users] Snort 3 active response in passive mode

Jason Gates jason.gates at longmontcolorado.gov
Thu Aug 16 12:35:06 EDT 2018


Has anyone been able to get Snort 3 in passive mode to RST connections when a reject rule triggers? It appears to be a feature in 2.9 (https://www.snort.org/faq/readme-active), but I wasn't sure about 3.0.

Relevant config:

active = {
    attempts = 5,
    device = "eno1",
}
reject = {
    reset = 'both'
}


Rule: reject tcp any any -> any 8080 ( msg:"Test reject"; classtype:trojan-activity; sid:10001; rev:1; )

--
Jason Gates