[Oisf-users] reject-rules don't drop packages
Thorsten Wagener - Travanto Travel
twagener at travanto.de
Tue Jan 10 11:22:00 UTC 2012
hi,
i haven't seen this bug-report. But that seems to be my problem. Ok, so i have to use af-packet or pfring.
Thanks for the quick reply
Am 10.01.2012 um 11:16 schrieb Peter Manev <petermanev at gmail.com>:
> Hi,
> There is a bug related to inline option set to yes when reading a pcap - that is still not closed.
> I can't confirm for sure if that could be related to your set u or not.
> I will try to reproduce it and get some feedback - see if i get the same result........
>
> thanks
>
> On Tue, Jan 10, 2012 at 10:56 AM, Thorsten Wagener - Travanto Travel <twagener at travanto.de> wrote:
> Hi,
>
> my suricata Version 1.1.1 does not drop packages from reject rules.
>
> I know that there was a Bug, which was fixed in v1.1beta2 but it is still there. Can anyone confirm this Problem?
>
> Drop-rule works and bad traffic is dropped. with reject the traffic is not dropped, but a tcp/rst package is sent. Sometimes the rst-package is incoming before the answer and the connection is cancled, but the bad traffic is still not dropped.
>
> stream inline is set to yes.
>
> _______________________________________________
> Oisf-users mailing list
> Oisf-users at openinfosecfoundation.org
> http://lists.openinfosecfoundation.org/mailman/listinfo/oisf-users
>
>
>
>
> --
> Peter Manev
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openinfosecfoundation.org/pipermail/oisf-users/attachments/20120110/354bbfbe/attachment-0002.html>
More information about the Oisf-users
mailing list