Re: new user - snort is not droping pacekts

["Alex Butcher, ISC/ISYS" <Alex.Butcher () bristol ac uk>]

--On 15 February 2005 08:52 +0100 lokesh.khanna () accelonafrica com wrote:

> I have just installed Snort 2.3.0RC2 on Enterprise Redhat with ACID.
>
> I am using webmin to manage rules. I have used Manhunt and Real Secure
> before. I am using snort 1st time.
>
> I can see lots of Alert in ACID Console. But I do not understand how
> Snort will drop the packet if it is matching any rule.
>
> In Real Secure I used to define action for each rule. How can I do same
> here?

Either use snort in inline (IPS) mode, and replace 'alert' with 'drop', or 
look into using something like SnortSam or Flexresp to run scripts which 
add ACLs to your routers, or rules to your firewalls.

If you don't use snort in inline mode, it's a NIDS and will not interfere 
directly with the sessions that it sees.

> Is there any other tool to manage rules?

Snortcenter2, oinkmaster.

I prefer the latter, these days. Writing an oinkmaster rule to 
programmatically modify dozens of rules is quicker and easier than clicking 
a few hundred times with a greater chance of human error.

> LK

Best Regards,
Alex.
--
Alex Butcher: Security & Integrity, Personal Computer Systems Group
Information Systems and Computing             GPG Key ID: F9B27DC9
GPG Fingerprint: D62A DD83 A0B8 D174 49C4 2849 832D 6C72 F9B2 7DC9




-------------------------------------------------------
SF email is sponsored by - The IT Product Guide
Read honest & candid reviews on hundreds of IT Products from real users.
Discover which products truly live up to the hype. Start reading now.
http://ads.osdn.com/?ad_id=6595&alloc_id=14396&op=click
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users