Snort mailing list archives
Not able to configure min_response_seconds to 5sec
From: Ajay Khadpe via Snort-users <snort-users () lists snort org>
Date: Thu, 28 Sep 2017 16:46:26 +0530
Hi, We have snort 2.9.9.0 working fine. Configuration for preprocessor stream5_global is as follow : # Target-Based stateful inspection/stream reassembly. For more inforation, see README.stream5 preprocessor stream5_global: track_tcp yes, \ track_udp yes, \ track_icmp no, \ max_tcp 262144, \ max_udp 131072, \ max_active_responses 2, \ min_response_seconds 5 ---------------------------------------------------- As per value of *max_active_responses* and *min_response_seconds*, Snort will send 2 reset responses if particular signature traffic found more than 5 seconds. But I found that snort sends reset packets for each packet for all drop rule( drop tcp any any -> any any ). I want to set Snort configuration such a way that it will send reset responses after 5 seconds. -- Thanks & Regards Khadpe Ajay JS
_______________________________________________ Snort-users mailing list Snort-users () lists snort org Go to this URL to change user options or unsubscribe: https://lists.snort.org/mailman/listinfo/snort-users Please visit http://blog.snort.org to stay current on all the latest Snort news!
Current thread:
- Not able to configure min_response_seconds to 5sec Ajay Khadpe via Snort-users (Sep 28)