snort inline (non-drop mode) br0

["Lawrence R. Hughes, Sr." <lhughes () safemedia com>]

Hi,

We use snort inline in the non-drop mode and our sensor is listens on br0.
Could it be that we detect the 3whs (session) with stream5, but don't detect when the session has ended, thus giving us 
a high rate of open sessions?

If this is the case, then what interface would be better to use eth0 or eth1 (currently both eth0 & eth1 are configed 
to give us br0) ?

Thanks,
Larry

------------------------------------------------------------------------------
Special Offer-- Download ArcSight Logger for FREE (a $49 USD value)!
Finally, a world-class log management solution at an even better price-free!
Download using promo code Free_Logger_4_Dev2Dev. Offer expires 
February 28th, so secure your free ArcSight Logger TODAY! 
http://p.sf.net/sfu/arcsight-sfd2d

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users