Snort mailing list archives

Previous By Date Next
Previous By Thread Next

Drop action behaves as if it's Reject action

From: sky rongo <kkrot185 () gmail com>
Date: Mon, 17 Nov 2014 12:03:00 +0900
Hi,all.
I use Snort-2.9.5.6 as IPS.

I set two rules for test.
drop icmp any any -> any any (msg:"ICMP Test"; sid:1000001; rev:1; )
drop tcp any any -> HOME_NET 22 (msg:"tcp"; sid:1000003; )

When I sent "ping request" to IPS from other, IPS returned "Destination
Port Unreachable".

When I try to connect IPS by ssh,  IPS returned RST,ACK packet and session
was broken.

I want Snort to only drop packet.What should I do?

------------------------------------------------------------------------------
Download BIRT iHub F-Type - The Free Enterprise-Grade BIRT Server
from Actuate! Instantly Supercharge Your Business Reports and Dashboards
with Interactivity, Sharing, Native Excel Exports, App Integration & more
Get technology previously reserved for billion-dollar corporations, FREE
http://pubads.g.doubleclick.net/gampad/clk?id=157005751&iu=/4140/ostg.clktrk
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!
Previous By Date Next
Previous By Thread Next

Current thread: