Snort mailing list archives
Re: snort drop rules
From: Joel Esler <jesler () sourcefire com>
Date: Fri, 9 Nov 2012 09:30:53 -0500
On Nov 9, 2012, at 12:47 AM, amin Salehi <seyedamin_salehi () yahoo com> wrote:
1- Do drop rules load in Snort passive mode?
Load? Yes. Function, no.
2- Do sdrop rules load in passive mode?
3- Do reject rules load in passive mode?
See above.
4- If a packet matches more than one rule (same type, for example reject), will all actions (alert message) take place? If yes, in which order? Which one takes place first?
http://manual.snort.org/node19.html#SECTION00344000000000000000
5- If a packet matches more than one rule (different types, for example a reject rule, a drop rule and an alert rule), which one of these rules will take place? Will all of the rules take place? If yes, in which order?
If you are running Snort inline, and you have a rule set to drop, you will drop the packet.