Snort mailing list archives
RE: Snort Inline
From: "Slighter, Tim" <tslighter () itc nrcs usda gov>
Date: Fri, 28 Feb 2003 10:15:15 -0700
Yes, you can use the recently downloaded snort rules... just make sure to change all instances of "alert" to "drop". If a user attempts outbound to a site that is prohibited by the snort rule, the connection should be dropped and they should not receive any information at their system except a timeout.

As for ACID and mySQL... snort-inline relies upon the alert file in order to work correctly. It might be possible to compile with mySQL and then configure the snort daemon in such a way that it logs to the alert file and to mySQL, but you are in uncharted water at that point. Perhaps that could be a suggested project for the development team, where snort-inline can extract the data from mySQL instead of the alert file.

-----Original Message-----
From: Joe Giles [mailto:jgiles () joeman1 com]
Sent: Friday, February 28, 2003 9:04 AM
To: SnortUsers
Subject: [Snort-users] Snort Inline

List,

I just downloaded the Snort-In-line app and I have a few questions. I read the PDF file on how to set it up and configure it. Basically I have these questions:

1> In essence, this app will BLOCK traffic if it falls into one of the preset rule sets? So, for instance, I have a user that tries to access a pornographic web site and it violates a rule, it will BLOCK (DENY) the return traffic from the website thereby returning an error in his/her web browser?
2> Can I use the existing SNORT rules that I have in place (Downloaded last night)?
3> Will it still report to my ACID database if I opt to use it instead of regular SNORT?
4> Can I still use regular SNORT if #3 is a no?

Thanks, and I apologize if these questions have been answered before. Again, thanks for your time!!!

Joe

-------------------------------------------------------
This sf.net email is sponsored by:ThinkGeek
Welcome to geek heaven.
http://thinkgeek.com/sf
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
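The "alert" to "drop" change described in the reply above, as an added example that is not part of the original post or of snort-inline itself: a blanket search-and-replace would also rewrite the word inside `msg` strings and re-word commented-out rules, so this sketch rewrites only the action keyword at the start of active rules. The function name `to_inline_rules` and the sample rules are constructed for illustration, and it assumes one rule per line or backslash line continuation.

```python
import re

# The action is the first token of a rule; match "alert" only in that position.
_ACTION = re.compile(r'^(\s*)alert(\s+)')

def to_inline_rules(text):
    """Return (converted_text, rules_changed).

    Only the leading action keyword of active rules becomes "drop".
    Comments, variables, other actions and the word "alert" inside
    rule options are left untouched.
    """
    out, changed = [], 0
    continuation = False  # previous line ended with '\' (multi-line rule)
    for line in text.splitlines(keepends=True):
        is_comment = line.lstrip().startswith('#')
        if not continuation and not is_comment:
            line, n = _ACTION.subn(r'\1drop\2', line, count=1)
            changed += n
        continuation = line.rstrip().endswith('\\')
        out.append(line)
    return ''.join(out), changed

# Constructed sample rules (hypothetical sids and content, not from a real rule set).
SAMPLE = r'''# local policy rules
var HOME_NET 10.0.0.0/8
alert tcp $HOME_NET any -> any 80 (msg:"policy alert example"; content:"example-blocked"; sid:1000001;)
# alert tcp any any -> any 21 (msg:"disabled rule"; sid:1000002;)
alert tcp $HOME_NET any -> any 80 (msg:"multi-line rule"; \
    content:"alert "; sid:1000003;)
log udp any any -> any 53 (msg:"left as is"; sid:1000004;)
'''

if __name__ == "__main__":
    converted, count = to_inline_rules(SAMPLE)
    print(converted)
    print(f"{count} rule(s) switched from alert to drop")
```

Reviewing the reported count against the number of rules you expected to change is a quick check that nothing was converted by accident before the file is loaded into an inline sensor.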