Snort mailing list archives

Snort IDS Not Working


From: Bradlee Landis <bradleelandis () gmail com>
Date: Fri, 3 Sep 2010 16:39:00 -0500

I am running Devil-Linux (Linux From Scratch distribution), and I'm
having trouble getting it working correctly. It is possible that it's
been built incorrectly, but I thought I would just see if you could
tell me if I'm doing something wrong.

I'm running these commands:

iptables -A INPUT -j QUEUE
snort -Qc /etc/snort/snort.conf -A console

But, when I have a QUEUE target in iptables, it blocks all traffic,
and starting snort does not make a difference. Snort is detecting
packets, even if I don't have a QUEUE target in iptables, so it
doesn't seem to be actually running in IDS mode.

Here is some output from running snort:

 # snort -Qc /etc/snort/snort.conf -N -A console
 Enabling inline operation
 Running in IDS mode
 == CUT ==
 *** interface device lookup found: bond0
 ***
 Initializing Network Interface bond0
 Decoding Ethernet on interface bond0
 == CUT ==
 Not Using PCAP_FRAMES

Any ideas?

-- 
Thanks,
Brad Landis
