[Oisf-users] reject-rules don't drop packages

Victor Julien victor at inliniac.net
Tue Jan 10 11:26:07 UTC 2012


On 01/10/2012 12:22 PM, Thorsten Wagener - Travanto Travel wrote:
> Hi,
> 
> I haven't seen this bug report. But that seems to be my problem. OK, so I have to use af-packet or pfring.

That would surprise me. You indicated the rst is sent, so the rule
fires. The issue Peter is referring to would cause the rule not to fire.

Cheers,
Victor

> Thanks for the quick reply
> 
> On 10.01.2012 at 11:16, Peter Manev <petermanev at gmail.com> wrote:
> 
>> Hi,
>> There is a bug related to inline option set to yes when reading a pcap - that is still not closed.
>> I can't confirm for sure if that could be related to your setup or not.
>> I will try to reproduce it and get some feedback - see if I get the same result.
>>
>> thanks
>>
>> On Tue, Jan 10, 2012 at 10:56 AM, Thorsten Wagener - Travanto Travel <twagener at travanto.de> wrote:
>> Hi,
>>
>> My Suricata version 1.1.1 does not drop packages from reject rules.
>>
>> I know that there was a bug, which was fixed in v1.1beta2, but it is still there. Can anyone confirm this problem?
>>
>> The drop rule works and bad traffic is dropped. With reject, the traffic is not dropped, but a tcp/rst package is sent. Sometimes the rst package is incoming before the answer and the connection is canceled, but the bad traffic is still not dropped.
>>
>> Stream inline is set to yes.
>>
>> _______________________________________________
>> Oisf-users mailing list
>> Oisf-users at openinfosecfoundation.org
>> http://lists.openinfosecfoundation.org/mailman/listinfo/oisf-users
>>
>> -- 
>> Peter Manev
> 


-- 
---------------------------------------------
Victor Julien
http://www.inliniac.net/
PGP: http://www.inliniac.net/victorjulien.asc
---------------------------------------------