Support #1368

closed

Reject rules when out of band

Added by Brian Hennigar almost 10 years ago. Updated over 8 years ago.

Status: Closed
Priority: Normal
Assignee: -
Affected Versions:
Label:

Description

I'm trying to use the reject action to send reset packets when using Suricata out of band using a SPAN port. Running Suricata 2.0.5.

For my testing, I'm using an IP address for an internet webserver. When I create the reject rule, I am seeing the Suricata alert. Using packet capture, I am seeing a few reset packets coming to my computer, and the website does struggle to load, but it eventually does load. When Suricata is not running, the website loads instantly and I do not see reset packets.

Do you have any suggestions for fully preventing the connection while out of band? I would really like to avoid going inline. Using drop packets would work better, although that is not an option because the server is out of band.

Thanks!
