Re: [Snort-inline-users] client-side attack

SourceForge Headquarters 225 Broadway Suite 1600 San Diego, CA 92101 +1 (858) 422-6466

Set flow_depth 0 in your http_inspect configuration.

Regards,

Will

On 5/21/07, Pom Padir <pom...@gm...> wrote:
>
> Hello!
> Iv'e just installed snort-inline 2.6.1 on my linux bridge, and changed all
> the rules to 'drop'.
>
> I used metasploit 3.0 in order to test snort's abilities.
> snort  drops many attacks successfully, but when I use client-side attacks
>
> (which exploits vulnerability in the browser) it fails to stop them.
> I used the default snort-inline.conf file.
>
> why snort-inline doesn't drop the attacks?
>
> thanks
>
>
> -------------------------------------------------------------------------
> This SF.net email is sponsored by DB2 Express
> Download DB2 Express C - the FREE version of DB2 express and take
> control of your XML. No limits. Just data. Click to get it now.
> http://sourceforge.net/powerbar/db2/
> _______________________________________________
> Snort-inline-users mailing list
> Sno...@li...
> https://lists.sourceforge.net/lists/listinfo/snort-inline-users
>
>