Snort mailing list archives

Re: snort drop rules

From: Joel Esler <jesler () sourcefire com>
Date: Fri, 9 Nov 2012 09:30:53 -0500

On Nov 9, 2012, at 12:47 AM, amin Salehi <seyedamin_salehi () yahoo com> wrote:

1-whether drop rules load in snort passive mode?


Load? Yes.  Function, no.

2-whether sdrop rules load in passive mode?
3-whether reject rules load in passive mode?


See above.

4-if a packet match with more than one rule(same type for example reject) whether all action(alert message) will take 
place?if yes in which order?which one is take place first?


http://manual.snort.org/node19.html#SECTION00344000000000000000

5-if a packet match with more than on rule(different type for example a reject rule-a drop rule and alert rule) which 
one of these rules will take place?whether all of rules will take place?if yes in which order?


If you are running Snort inline, and you have a rule set to drop, you will drop the packet.

------------------------------------------------------------------------------
Everyone hates slow websites. So do we.
Make your web apps faster with AppDynamics
Download AppDynamics Lite for free today:
http://p.sf.net/sfu/appdyn_d2d_nov

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!

Current thread:

snort drop rules amin Salehi (Nov 08)
- Re: snort drop rules Joel Esler (Nov 09)