'[Snort-users] Not able to configure min_response_seconds to 5sec'

[prev in list] [next in list] [prev in thread] [next in thread] 

List:       snort-users
Subject:    [Snort-users] Not able to configure min_response_seconds to 5sec
From:       Ajay Khadpe via Snort-users <snort-users () lists ! snort ! org>
Date:       2017-09-28 11:28:26
Message-ID: CAFWxWd78ztgpBJHtoTTPH42FfVW5KLuNsN2HzBphZ3rS0Q52tQ () mail ! gmail ! com
[Download RAW message or body]

[Attachment #2 (multipart/alternative)]

Hi,

We have snort 2.9.9.0 working fine.
Configuration for preprocessor stream5_global is as follow :

# Target-Based stateful inspection/stream reassembly.  For more inforation,
see README.stream5
preprocessor stream5_global: track_tcp yes, \
   track_udp yes, \
   track_icmp no, \
   max_tcp 262144, \
   max_udp 131072, \
   max_active_responses 2, \
   min_response_seconds 5

----------------------------------------------------
As per value of *max_active_responses* and *min_response_seconds*, Snort
will send 2 reset responses if particular signature traffic found more than
5 seconds.
But I found that snort sends reset packets for each packet for all drop
rule( drop tcp any any -> any any ).

I want to set Snort configuration such a way that it will send reset
responses after 5 seconds.

-- 
Thanks & Regards
 Khadpe Ajay
         JS

[Attachment #5 (text/html)]

<div dir="ltr"><div>Hi,</div><div><br></div><div>We have snort 2.9.9.0 working fine.  \
</div><div>Configuration for preprocessor stream5_global is as follow \
:</div><div><br></div><div><br></div><div><div># Target-Based stateful \
inspection/stream reassembly.   For more inforation, see \
README.stream5</div><div>preprocessor stream5_global: track_tcp yes, \</div><div>     \
track_udp yes, \</div><div>     track_icmp no, \</div><div>     max_tcp 262144, \
\</div><div>     max_udp 131072, \</div><div>     max_active_responses 2, \
\</div><div>     min_response_seconds \
5</div></div><div><br></div><div>----------------------------------------------------</div><div>As \
per value of <b>max_active_responses</b> and <b>min_response_seconds</b>,  Snort will \
send 2 reset responses if particular signature traffic found more than 5 \
seconds.</div><div>But I found that snort sends reset packets for each packet for all \
drop rule( drop tcp any any -&gt; any any ).</div><div><br></div><div>I want to set \
Snort configuration such a way that it will send reset responses after 5 \
seconds.</div><div><br></div><div>--  <br></div><div class="gmail_signature">Thanks \
&amp; Regards<br>  Khadpe Ajay<br>              JS<br><br></div> </div>

_______________________________________________
Snort-users mailing list
Snort-users@lists.snort.org
Go to this URL to change user options or unsubscribe:
https://lists.snort.org/mailman/listinfo/snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!

[prev in list] [next in list] [prev in thread] [next in thread] 