List,
There is a bug that exists in all versions of snort_inline with
thresholding/suppression support. When a rule is configured for
"drop/sdrop" and thresholding/suppression is configured for the same
rule, Once the thresholding/ suppression critera has been meet the
offending packet is no longer dropped. A patch to fix this bug should
be available later today. Until then disable any
thresholding/suppression you have set up. In addition, I have yet to
receive any negative feedback about snort_inline-2.2.0-RC1. Last
chance to send me any complaints/comments/suggestions before I post
the final version later this week.
Thanks to Jeremy Hewlett of Sourcefire for discovering and reporting this bug.
Regards,
Will
|
