Snort mailing list archives
reject is identical to drop
From: HN Nguyen <nhncontact () gmail com>
Date: Wed, 6 Jul 2011 17:24:53 -0700
I'm using snort (v2.9.0.5) inline with iptables. I have a rule with "reject"
action, but when it triggers, no packet is sent back to the sender (tcpdump
on all interfaces confirm this).
The rule is:
reject tcp any any -> any 7
The log shows:
07/07-00:15:19.553113 [Drop][Priority: 0] {TCP} 192.168.41.122:38805 ->
192.168.1.57:7
This is identical to the behaviour when I change the action to "drop".
Is there anything I'm missing or doing wrong?
Thanks.
------------------------------------------------------------------------------ All of the data generated in your IT infrastructure is seriously valuable. Why? It contains a definitive record of application performance, security threats, fraudulent activity, and more. Splunk takes this data and makes sense of it. IT sense. And common sense. http://p.sf.net/sfu/splunk-d2d-c2
_______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users Please see http://www.snort.org/docs for documentation
Current thread:
- reject is identical to drop HN Nguyen (Jul 06)
- Re: reject is identical to drop Kevin Ross (Jul 07)
- Re: reject is identical to drop Russ Combs (Jul 07)
- Re: reject is identical to drop HN Nguyen (Jul 07)
- Re: reject is identical to drop Russ Combs (Jul 07)
- Re: reject is identical to drop Kevin Ross (Jul 07)