[Oisf-users] reject-rules don't drop packages

Thorsten Wagener - Travanto Travel twagener at travanto.de
Tue Jan 10 11:47:03 UTC 2012


Well, that's true. The rule fires, but the package is not dropped.

On 10.01.2012 at 12:26, Victor Julien <victor at inliniac.net> wrote:

> On 01/10/2012 12:22 PM, Thorsten Wagener - Travanto Travel wrote:
>> Hi,
>> 
>> I haven't seen this bug report. But that seems to be my problem. OK, so I have to use af-packet or pfring.
> 
> That would surprise me. You indicated the rst is sent, so the rule
> fires. The issue Peter is referring to would cause the rule not to fire.
> 
> Cheers,
> Victor
> 
>> Thanks for the quick reply
>> 
>> On 10.01.2012 at 11:16, Peter Manev <petermanev at gmail.com> wrote:
>> 
>>> Hi,
>>> There is a bug related to the inline option set to yes when reading a pcap - that is still not closed.
>>> I can't confirm for sure if that could be related to your setup or not.
>>> I will try to reproduce it and get some feedback - see if I get the same result...
>>> 
>>> Thanks
>>> 
>>> On Tue, Jan 10, 2012 at 10:56 AM, Thorsten Wagener - Travanto Travel <twagener at travanto.de> wrote:
>>> Hi,
>>> 
>>> My Suricata version 1.1.1 does not drop packages from reject rules.
>>> 
>>> I know that there was a bug, which was fixed in v1.1beta2, but it is still there. Can anyone confirm this problem?
>>> 
>>> Drop-rule works and bad traffic is dropped. With reject the traffic is not dropped, but a TCP/RST package is sent. Sometimes the RST-package is incoming before the answer and the connection is canceled, but the bad traffic is still not dropped.
>>> 
>>> stream inline is set to yes. 
>>> 
>>> _______________________________________________
>>> Oisf-users mailing list
>>> Oisf-users at openinfosecfoundation.org
>>> http://lists.openinfosecfoundation.org/mailman/listinfo/oisf-users
>>> 
>>> 
>>> 
>>> 
>>> -- 
>>> Peter Manev
>> 
> 
> 
> -- 
> ---------------------------------------------
> Victor Julien
> http://www.inliniac.net/
> PGP: http://www.inliniac.net/victorjulien.asc
> ---------------------------------------------


