Snort mailing list archives

RE: Snort Inline


From: "Slighter, Tim" <tslighter () itc nrcs usda gov>
Date: Fri, 28 Feb 2003 10:15:15 -0700

Yes, you can use the recently downloaded snort rules....just make sure to
change all instances of "alert" to "drop".  If a user attempts outbound to a
site that is prohibited by the snort rule, the connection should be dropped
and they should not receive any information at their system except a
timeout.  As for ACID and mySQL...snort-inline relies upon the alert file in
order to work correctly.  It might be possible to compile with mySQL and
then configure the snort daemon in such a way that it logs to the alert file
and to mySQL but you are in uncharted water at that point.  Perhaps that
could be a suggested project for the development team, where snort-inline
can extract the data from mySQL instead of the alert file.  

-----Original Message-----
From: Joe Giles [mailto:jgiles () joeman1 com]
Sent: Friday, February 28, 2003 9:04 AM
To: SnortUsers
Subject: [Snort-users] Snort Inline


List, 
I just downloaded the Snort-In-line app and I have a few questions..

I read the PDF file on how to set it up and configure it. Basically I
have these questions:

1> In essence, this app will BLOCK traffic if it falls into one of the
preset rule sets? So, for instance, I have a user that tries to access a
pornographic web site and it violates a rule, it will BLOCK (DENY) the
return traffic from the website thereby returning an error in his/her
web browser?

2> Can I use the existing SNORT rules that I have in place (Downloaded
last night)?

3> Will it still report to my ACID database if I opt to use it instead
of regular SNORT?

4> Can I still use regular SNORT if #3 is a no?

Thanks, and I apologize if these questions have been answered before.

Again, thanks for your time!!!

Joe



-------------------------------------------------------
This sf.net email is sponsored by:ThinkGeek
Welcome to geek heaven.
http://thinkgeek.com/sf
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
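
An added example, not part of the original messages and not code from the Snort or snort-inline projects: one way to apply the "alert" to "drop" change to a rules file while rewriting only the action keyword of active rules, so that commented-out rules and the word "alert" inside rule options stay as they are. The sample rules, SIDs and function names are constructed for illustration, and the backslash-continuation handling is an assumption about how the rules file is laid out.

```python
import re
from collections import Counter

# Matches "alert" only where it is the action keyword at the start of a rule.
ACTION_RE = re.compile(r'^(\s*)alert(\s+)')

# Constructed sample rules, not taken from the Snort distribution.
SAMPLE_RULES = '''# constructed sample rules
alert tcp $HOME_NET any -> $EXTERNAL_NET 80 (msg:"alert on blocked site"; content:"example-blocked.test"; sid:1000001;)
# alert tcp any any -> any 23 (msg:"disabled rule"; sid:1000002;)
alert tcp $HOME_NET any -> $EXTERNAL_NET 80 (msg:"multi-line rule"; \\
    content:"alert"; sid:1000003;)
pass icmp any any -> any any (sid:1000004;)
'''

def _lines_with_header_flag(text):
    """Yield (line, is_header); is_header marks the first line of an active rule."""
    continued = False
    for line in text.splitlines(keepends=True):
        stripped = line.strip()
        is_comment = stripped.startswith('#')
        yield line, bool(stripped) and not is_comment and not continued
        # Assumption: a trailing backslash continues a rule, but not a comment.
        continued = (not is_comment) and stripped.endswith('\\')

def alert_to_drop(text):
    """Return (converted_text, number_of_rules_changed)."""
    out, changed = [], 0
    for line, is_header in _lines_with_header_flag(text):
        if is_header:
            line, n = ACTION_RE.subn(r'\1drop\2', line, count=1)
            changed += n
        out.append(line)
    return ''.join(out), changed

def active_actions(text):
    """Count the leading keyword of every active rule, to confirm no 'alert' is left."""
    return dict(Counter(line.split()[0]
                        for line, is_header in _lines_with_header_flag(text)
                        if is_header))

if __name__ == '__main__':
    converted, count = alert_to_drop(SAMPLE_RULES)
    print(converted)
    print(count, 'rules changed;', active_actions(converted))
```

Running `active_actions` on the converted file before loading it shows whether any active rule was missed.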

