Re: [Snort-inline-users] Re: Snort_inline restart & existing sessions

SourceForge Headquarters 225 Broadway Suite 1600 San Diego, CA 92101 +1 (858) 422-6466

But in that case I am also missing attacks in exisiting connections....
The thing I am thinking is I can avoid snot/stick type of attcks through
iptables.....'caz i don't want to miss attacks in existing connections..

Regards,
Nishit Shah.

> you probably just want to get rid of enforce_state, if you enable
> midstream_drop_alerts you could vulnerable to snot/stick attacks.
>
> Regards,
>
> Will
>
> On 1/21/06, ni...@el... <ni...@el...> wrote:
>> Hi,
>>
>> Is there any way to disable Traffic-Drop for existing connections when
>> snort_inline restarts ????
>>                I think one way is to use stream4inline without
>> enforce_sate option & enabling midstream_drop_alerts
>> option.... is it advisable ??
>>
>> Regards,
>> Nishit Shah.
>>
>
>
> -------------------------------------------------------
> This SF.net email is sponsored by: Splunk Inc. Do you grep through log
> files
> for problems?  Stop!  Download the new AJAX search engine that makes
> searching your log files as easy as surfing the  web.  DOWNLOAD SPLUNK!
> http://sel.as-us.falkag.net/sel?cmd=lnk&kid3432&bid#0486&dat1642
> _______________________________________________
> Snort-inline-users mailing list
> Sno...@li...
> https://lists.sourceforge.net/lists/listinfo/snort-inline-users
>