Snort mailing list archives

Previous By Date Next
Previous By Thread Next

RE: Snort in IDS mode

From: "Snort" <Snort () InterCept Net>
Date: Tue, 15 Mar 2005 14:09:07 -0500
To "block" traffic, you might want to read up on the flexresp and inline
stuff... with the flexresp, you can send tcp_rst packets to the
offending host. Download snort look inside the doc folder, there are 2
documents that explain this a bit further
snort-2.3.2/doc/README.FLEXRESP and snort-2.3.2/doc/README.INLINE. You
can also go here and get more info on the inline stuff:
http://snort-inline.com

Thanks,
Michael Brown

-----Original Message-----
From: snort-users-admin () lists sourceforge net
[mailto:snort-users-admin () lists sourceforge net] On Behalf Of Mr. venkat
Posted At: Tuesday, March 15, 2005 11:10 AM
Posted To: Snort
Conversation: [Snort-users] Snort in IDS mode
Subject: [Snort-users] Snort in IDS mode

Hi all,
    I am using snort 2.3.1 on windows. I don't want to  use any database
but 
I want to log all alerts to log files only(I am planning for other
way).I 
could run snort in logging mode but I am unable to run in IDS mode. Can 
anybody tell me what is the best way to run snort in IDS mode also
please 
tell me the required settings in snort.conf.

    Can snort block any traffic that match the rules or just it detects?
  Thanks in advance,
--Venkat

_________________________________________________________________
Screensavers unlimited! http://www.msn.co.in/Download/screensaver/
Download 
now!



-------------------------------------------------------
SF email is sponsored by - The IT Product Guide
Read honest & candid reviews on hundreds of IT Products from real users.
Discover which products truly live up to the hype. Start reading now.
http://ads.osdn.com/?ad_id=6595&alloc_id=14396&op=click
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users



-------------------------------------------------------
SF email is sponsored by - The IT Product Guide
Read honest & candid reviews on hundreds of IT Products from real users.
Discover which products truly live up to the hype. Start reading now.
http://ads.osdn.com/?ad_ide95&alloc_id396&op=click
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
Previous By Date Next
Previous By Thread Next

Current thread: