Snort mailing list archives
RE: Snort in IDS mode
From: "Snort" <Snort () InterCept Net>
Date: Tue, 15 Mar 2005 14:09:07 -0500
To "block" traffic, you might want to read up on the flexresp and inline stuff... with the flexresp, you can send tcp_rst packets to the offending host. Download snort look inside the doc folder, there are 2 documents that explain this a bit further snort-2.3.2/doc/README.FLEXRESP and snort-2.3.2/doc/README.INLINE. You can also go here and get more info on the inline stuff: http://snort-inline.com Thanks, Michael Brown -----Original Message----- From: snort-users-admin () lists sourceforge net [mailto:snort-users-admin () lists sourceforge net] On Behalf Of Mr. venkat Posted At: Tuesday, March 15, 2005 11:10 AM Posted To: Snort Conversation: [Snort-users] Snort in IDS mode Subject: [Snort-users] Snort in IDS mode Hi all, I am using snort 2.3.1 on windows. I don't want to use any database but I want to log all alerts to log files only(I am planning for other way).I could run snort in logging mode but I am unable to run in IDS mode. Can anybody tell me what is the best way to run snort in IDS mode also please tell me the required settings in snort.conf. Can snort block any traffic that match the rules or just it detects? Thanks in advance, --Venkat _________________________________________________________________ Screensavers unlimited! http://www.msn.co.in/Download/screensaver/ Download now! ------------------------------------------------------- SF email is sponsored by - The IT Product Guide Read honest & candid reviews on hundreds of IT Products from real users. Discover which products truly live up to the hype. Start reading now. http://ads.osdn.com/?ad_id=6595&alloc_id=14396&op=click _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users ------------------------------------------------------- SF email is sponsored by - The IT Product Guide Read honest & candid reviews on hundreds of IT Products from real users. Discover which products truly live up to the hype. Start reading now. http://ads.osdn.com/?ad_ide95&alloc_id396&op=click _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- Snort in IDS mode Mr. venkat (Mar 15)
- <Possible follow-ups>
- RE: Snort in IDS mode Snort (Mar 15)