Re: Sticky-drop

[G Ramon Gomez <gene () gomezbrothers com>]

Hi Patrick,
With regards to this particular issue, one thing that caught me when I 
started using RSTs was that the packets get sent using the routing 
table.  In my case I had a stealth bridging firewall that I had set up 
with flexresp, but found that, although Snort was listening on br0 (eth1 
+ eth2, no IPs assigned), RST packets were being emitted on eth0 (my 
management interface, where my only IP was assigned).  As a result, my 
stateful firewalls on the management network were dropping the packets.
Double-check that the RSTs are being sent out the interface you think 
they're going out through.

- Ramon

Patrick Walsh wrote:

>         Also, are there any known bugs with connection resets?  I think the
> reset packets may not be getting sent to both ends of the connection or
> else might not have the proper source port set.
>  


-------------------------------------------------------
This SF.net email is sponsored by: Splunk Inc. Do you grep through log files
for problems?  Stop!  Download the new AJAX search engine that makes
searching your log files as easy as surfing the  web.  DOWNLOAD SPLUNK!
http://ads.osdn.com/?ad_id=7637&alloc_id=16865&op=click
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users