Hi Nate,
On Monday 02 August 2004 18:41, Nathaniel Haggard wrote:
> When snort-inline gets a packet that matches a drop rule does it drop
> that packet or does the whole TCP connection drop for a certain amount
> of time.
As far as I know, only the packet. If the dropped packet is a TCP packet with
the SYN flag set (for setting up a connection) the connection will not be
established.
>
> While trying snort-inline with irssi I noticed that I would appear to
> stay connected while the lag went up to 255+ and then I would rejoin
> all the channels I used to be in.
>
> Where is the code that does this?
Inside Snort_inline. Snort_inline uses the QUEUE target which allows iptables
to send packets to user-space programs.
> What new rules does snort-inline add
> to iptables? iptables -L -n showed no new rules.
It doesn't add rules. By using an iptables rule with the QUEUE target iptables
sends the packet to Snort_inline. When Snort_inline thinks the packet should
be dropped, it will notify iptables of this so iptables will then drop the
packet.
If you want to drop a connection I suggest you try reject instead of drop.
Hope this helps,
Regards,
Victor
>
> Nate
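A minimal configuration illustrating the mechanism Victor describes, added here as an example and not taken from the thread or the snort_inline project: the single iptables rule that hands packets to the QUEUE target (shown in comments, since snort_inline adds none itself) and snort_inline rules contrasting `drop`, which discards only the matching packet, with `reject`, which also resets the TCP connection. Port, sid and message values are constructed placeholders.

```snort
# Constructed example rules file; include it from snort_inline.conf.
#
# snort_inline adds nothing to iptables. The operator adds one rule that
# hands packets to user space via the QUEUE target (libipq), for example:
#   iptables -A FORWARD -p tcp --dport 6667 -j QUEUE
# and runs snort_inline in inline mode so it reads from the queue:
#   snort_inline -Q -c /etc/snort_inline/snort_inline.conf
# snort_inline returns a verdict for each queued packet and iptables then
# accepts or drops that packet accordingly.

# drop: only the matching packet is discarded. Neither end is told anything,
# so the TCP session stays "up" and a client such as irssi just sees rising
# lag until its own timeout fires. Dropping a SYN simply prevents the
# connection from ever being established.
drop tcp any any -> any 6667 (msg:"IRC packet dropped (example)"; \
    flow:established; sid:1000001; rev:1;)

# reject: the packet is discarded AND a TCP RST (ICMP port unreachable for
# UDP) is sent, so the endpoints see the connection end immediately instead
# of a stalled session. Use one of these two actions per match; both are
# listed only to contrast their effect on the connection.
reject tcp any any -> any 6667 (msg:"IRC connection reset (example)"; \
    flow:established; sid:1000002; rev:1;)

# sdrop: same as drop, but no alert is logged for the packet.
sdrop tcp any any -> any 6667 (msg:"IRC silent drop (example)"; \
    sid:1000003; rev:1;)
```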