Snort mailing list archives
Re: [Snort-sigs] To drop packets
From: JP Vossen <vossenjp () netaxs com>
Date: Tue, 9 Dec 2003 01:01:17 -0500 (EST)
Date: Mon, 08 Dec 2003 13:34:25 -0500 To: "Anna Patil" <anna.patil () ddsl net>, <Snort-sigs () lists sourceforge net> From: Matt Kettler <mkettler () evi-inc com> Subject: Re: [Snort-sigs] To drop packets At 01:03 PM 12/8/2003, Anna Patil wrote:Is there any option to drop perticular packet (like alert is for logging).1) this belongs on snort-users, not snort-sigs.
Matt is correct and I've moved my reply there.
2) by itself, snort is a passive sniffer that operates in parallel with the local TCP/IP stack. Thus, if snort "drops" a packet, nothing happens to the copy in the TCP/IP stack.
<snip lots of good stuff about NIDS being passive, and flexresp.> I think the original poster *may* have been asking about pass rules. See the User Manual [0] and the FAQ [1] #4.8, and always read these (and this [2]) before posting. Later, JP [0] http://www.snort.org/docs/writing_rules/chap2.html#tth_sEc2.2.1 [1] http://www.snort.org/docs/FAQ.txt [2] http://www.theadamsfamily.net/~erek/snort/drinking_game.txt ------------------------------|:::======|-------------------------------- JP Vossen, CISSP |:::======| jp{at}jpsdomain{dot}org My Account, My Opinions |=========| http://www.jpsdomain.org/ ------------------------------|=========|-------------------------------- You used to have to reboot the Windows 9.x series every couple of days because it would crash. Now you have to reboot Windows 200x or XP every couple of days because of a patch. How is that better or more stable? ------------------------------------------------------- This SF.net email is sponsored by: IBM Linux Tutorials. Become an expert in LINUX or just sharpen your skills. Sign up for IBM's Free Linux Tutorials. Learn everything from the bash shell to sys admin. Click now! http://ads.osdn.com/?ad_id=1278&alloc_id=3371&op=click _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- Re: [Snort-sigs] To drop packets JP Vossen (Dec 08)