Honeypots mailing list archives
Re: Snort inline Openbsd version
From: sandro zaccarini <guly () luv guly org>
Date: 1 Apr 2005 22:51:34 -0000
In-Reply-To: <20050308145335.CA80C3E6651 () mail wtamu edu>
Snortsam simply adds Intrusion Prevention functionality to Snort. They do not make versions of snort for specific operating systems. If you want Snort inline then turn your OpenBSD box into a bridge, compile snort, and configure snort. The Snort Website has some good documentation on configuring Snort and there are a few good books available as well (Such as Snort 2.1 published by Syngress).
I was looking for something that DROP malicius packets instantly, snortsam just add a rules *after* the packet transmission. i'm playing with flexresp on an openbsd bridge, that should do what I (we?) want but it simply doesn't, rule is matched but not dropped. i will work on that in the next days, I hope in my silly mistake..any advices are welcome. sandro
Current thread:
- Re: Snort inline Openbsd version sandro zaccarini (Apr 01)