Bug #14223
Block Offenders - Incorrect statement/description
Status: New
Priority: Normal
Assignee: -
Category: Snort
Target version: -
Start date:
Due date:
% Done: 0%
Estimated time:
Plus Target Version:
Affected Version: 2.6.0
Affected Plus Version:
Affected Architecture:
Description
The description of the 'Block Offenders' option is incorrect for 'Inline Mode' but still valid for 'Legacy Mode':
Checking this option will automatically block hosts that generate a Snort alert. Default is Not Checked.
Services --> Snort --> Snort Interfaces --> Add/Edit
- When on 'Legacy Mode'
  - this does cause IPs to be blocked that have caused alerts.
  - I read somewhere that 'Legacy Mode' only alerts or blocks; there is no in-between.
- On 'Inline Mode'
  - I have many alerts from 'remote IPs' (i.e. not on my local networks) that are not blocked.
  - As far as I know, 'Inline Mode' only drops traffic or alerts you, depending on the rules set up in your policies, rather than the blanket option of alert or block for any infraction.
Snort 4.1.6