No your not, snort_inline still drops these attackes you just don't
see them alert. All midstream_drop_alerts does for you is turn
logging on and off.
Regards,
Will
On 1/22/06, ni...@el... <ni...@el...> wrote:
> But in that case I am also missing attacks in exisiting connections....
> The thing I am thinking is I can avoid snot/stick type of attcks through
> iptables.....'caz i don't want to miss attacks in existing connections..
>
> Regards,
> Nishit Shah.
>
> > you probably just want to get rid of enforce_state, if you enable
> > midstream_drop_alerts you could vulnerable to snot/stick attacks.
> >
> > Regards,
> >
> > Will
> >
> > On 1/21/06, ni...@el... <ni...@el...> wrote:
> >> Hi,
> >>
> >> Is there any way to disable Traffic-Drop for existing connections when
> >> snort_inline restarts ????
> >> I think one way is to use stream4inline without
> >> enforce_sate option & enabling midstream_drop_alerts
> >> option.... is it advisable ??
> >>
> >> Regards,
> >> Nishit Shah.
> >>
> >
> >
> > -------------------------------------------------------
> > This SF.net email is sponsored by: Splunk Inc. Do you grep through log
> > files
> > for problems? Stop! Download the new AJAX search engine that makes
> > searching your log files as easy as surfing the web. DOWNLOAD SPLUNK!
> > http://sel.as-us.falkag.net/sel?cmd=3Dlnk&kid=103432&bid#0486&dat=12164=
2
> > _______________________________________________
> > Snort-inline-users mailing list
> > Sno...@li...
> > https://lists.sourceforge.net/lists/listinfo/snort-inline-users
> >
>
>
|
