Snort mailing list archives

Re: [Snort-sigs] To drop packets


From: JP Vossen <vossenjp () netaxs com>
Date: Tue, 9 Dec 2003 01:01:17 -0500 (EST)

Date: Mon, 08 Dec 2003 13:34:25 -0500
To: "Anna Patil" <anna.patil () ddsl net>, <Snort-sigs () lists sourceforge net>
From: Matt Kettler <mkettler () evi-inc com>
Subject: Re: [Snort-sigs] To drop packets

At 01:03 PM 12/8/2003, Anna Patil wrote:

Is there any option to drop a particular packet (like alert is for logging)?

1) this belongs on snort-users, not snort-sigs.

Matt is correct and I've moved my reply there.


2) by itself, snort is a passive sniffer that operates in parallel with the
local TCP/IP stack. Thus, if snort "drops" a packet, nothing happens to the
copy in the TCP/IP stack.

<snip lots of good stuff about NIDS being passive, and flexresp.>

I think the original poster *may* have been asking about pass rules.  See the
User Manual [0] and the FAQ [1] #4.8, and always read these (and this [2])
before posting.

Later,
JP

[0] http://www.snort.org/docs/writing_rules/chap2.html#tth_sEc2.2.1
[1] http://www.snort.org/docs/FAQ.txt
[2] http://www.theadamsfamily.net/~erek/snort/drinking_game.txt
------------------------------|:::======|--------------------------------
JP Vossen, CISSP              |:::======|         jp{at}jpsdomain{dot}org
My Account, My Opinions       |=========|       http://www.jpsdomain.org/
------------------------------|=========|--------------------------------
You used to have to reboot the Windows 9.x series every couple of days
because it would crash.  Now you have to reboot Windows 200x or XP every
couple of days because of a patch.  How is that better or more stable?


