Snort mailing list archives

Previous By Date Next
Previous By Thread Next

Not able to configure min_response_seconds to 5sec

From: Ajay Khadpe via Snort-users <snort-users () lists snort org>
Date: Thu, 28 Sep 2017 16:46:26 +0530
Hi,

We have snort 2.9.9.0 working fine.
Configuration for preprocessor stream5_global is as follow :


# Target-Based stateful inspection/stream reassembly.  For more inforation,
see README.stream5
preprocessor stream5_global: track_tcp yes, \
   track_udp yes, \
   track_icmp no, \
   max_tcp 262144, \
   max_udp 131072, \
   max_active_responses 2, \
   min_response_seconds 5

----------------------------------------------------
As per value of *max_active_responses* and *min_response_seconds*, Snort
will send 2 reset responses if particular signature traffic found more than
5 seconds.
But I found that snort sends reset packets for each packet for all drop
rule( drop tcp any any -> any any ).

I want to set Snort configuration such a way that it will send reset
responses after 5 seconds.

-- 
Thanks & Regards
 Khadpe Ajay
         JS

_______________________________________________
Snort-users mailing list
Snort-users () lists snort org
Go to this URL to change user options or unsubscribe:
https://lists.snort.org/mailman/listinfo/snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!
Previous By Date Next
Previous By Thread Next

Current thread: