Snort mailing list archives
Re: Sticky-drop
From: Patrick Walsh <pwalsh () esoft com>
Date: Wed, 07 Dec 2005 16:32:02 -0700
Any thoughts on how I can get my hands on or learn more about sticky-drop?
I think you are talking about sdrop?
I'm familiar with sdrop. My question is in response to this post from Will earlier today:
sticky-drop in snort-inline can do this. You could probably accomplish the same thing with Snortsam In InlineMode(); but I haven't tried it.
By which I assume that sticky-drop drops the connection and also drops future connections from the target IP. And then there's this posting by Will from 3/30/05:
The IPS functionality drops or rejects individual packets, unless you are using the sticky-drop preprocessor from snort_inline-2.3.0-RC1 and tell it otherwise.
I did find some related preprocessor files in the snort_inline-2.3.0-RC1 tree, but those files don't exist in the 2.4.3 tree, nor can I find any documentation on exactly what they do or how to make use of them... Anyone know what this is about or if it works or is supported somewhere?
--
Patrick Walsh
eSoft Incorporated
303.444.1600 x3350
http://www.esoft.com/