From: Peter K. L. <sa...@co...> - 2004-08-02 23:59:31

I *think* this is the proper resolution...

I don't know whether this is by design, or it is a bug, but I tracked down the problem to be located in the 'stream4' preprocessor of the snort system. For the connection cases as I illustrated in the beginning, the stream4 preprocessor issues a 'drop' (since snort_inline changes probably included modifying the preprocessor from 'alert' mode to 'drop' mode). There seem to be some additional functions in that module that were added by 'snort_inline', but I have not delved into figuring out what they do. The only thing I know is that, for whatever reason, it ALWAYS drops incoming 'response' packets, as well as FORWARD packets.

My tentative solution is to comment out the module altogether... Does anyone have a better idea about this phenomenon?

-Peter

p.s. this should conclude my unnecessary soliloquy...