Fwd: 'drop' vs 'reject'

["Yakov Lerner" <iler.ml () gmail com>]

On 8/13/07, rmkml <rmkml () free fr> wrote:
> Hi Yakov,
> sorry I didn't help,
> but maybe send snort rules pb ?
> and send snort conf ?
> what snort version you have ?

Version 2.6.1.3 (Build 36)
snort.conf and chat.rules are attached.
The chat.rules is the standard chat.rules with
'alert' changed either to 'drop', or to 'reject'.

> On Tue, 14 Aug 2007, Yakov Lerner wrote:
>
> > Date: Tue, 14 Aug 2007 15:32:56 +0300
> > From: Yakov Lerner <iler.ml () gmail com>
> > To: snort-users () lists sourceforge net
> > Subject: [Snort-users] 'drop' vs 'reject'
> >
> > When I put 'reject' on MSN CHAT rules in chat.rules, the
> > inline snort does not block the MSN traffic, but blocks when I
> > put 'drop'.
> > With YAHOO CHAT, it's the opposite. It blocks when I put
> > 'reject' but does not block when I put 'drop'. Why ? What
> > makes this difference ?

Attachment: snort.conf
Description:

Attachment: drop.chat.rules
Description:

Attachment: reject.chat.rules
Description:

-------------------------------------------------------------------------
This SF.net email is sponsored by: Splunk Inc.
Still grepping through log files to find problems?  Stop.
Now Search log events and configuration files using AJAX and a browser.
Download your FREE copy of Splunk now >>  http://get.splunk.com/

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users