Snort mailing list archives
Re: Snort-inline vs. SnortSam
From: Frank Knobbe <frank () knobbe us>
Date: Sat, 12 Mar 2005 01:04:59 -0600
On Thu, 2005-03-10 at 09:03 -0500, Adam Kennedy wrote:
> What I'm trying to do is figure out what method is easiest/best for automatically blocking traffic snort picks up. I've used snortsam before, but re-writing all the rules gets annoying.

Well, you don't want to rewrite "all the rules". I don't recommend you block blindly on all rules, unless you really want to shoot yourself in the foot. I highly recommend blocking only on carefully selected rules. Instead of modifying the rules, you can add the sid and block options into the sid-block.map file. (See README.rules)

Regards,
Frank