[Snort-users] Snort IDS tcp drop rule

Luc Maignan luc at linxo.com
Thu Mar 1 10:21:19 EST 2018


I use Snort as an IPS (afpacket inline).

A drop icmp rule works, but a tcp one doesn't seem to drop packets.

Is there anything special to do with a tcp rule?

drop tcp any any -> $HOME_NET 80 (msg:"80 dropped"; sid:10000001; rev:1;)

Thanks for any help