Snort mailing list archives

Re: Snort IDS Not Working


From: "Safwat Fahmy" <safwat.fahmy () safemedia com>
Date: Fri, 3 Sep 2010 17:56:04 -0400

Use iptables -I FORWARD -j QUEUE
safwat

-----Original Message-----
From: Bradlee Landis [mailto:bradleelandis () gmail com] 
Sent: Friday, September 03, 2010 5:39 PM
To: snort-users () lists sourceforge net
Subject: [Snort-users] Snort IDS Not Working

I am running Devil-Linux (Linux From Scratch distribution), and I'm
having trouble getting it working correctly. It is possible that it's
been built incorrectly, but I thought I would just see if you could
tell me if I'm doing something wrong.

I'm running these commands:

iptables -A INPUT -j QUEUE
snort -Qc /etc/snort/snort.conf -A console

But, when I have a QUEUE target in iptables, it blocks all traffic,
and starting snort does not make a difference. Snort is detecting
packets, even if I don't have a QUEUE target in iptables, so it
doesn't seem to be actually running in IDS mode.

Here is some output from running snort:

 # snort -Qc /etc/snort/snort.conf -N -A console
 Enabling inline operation
 Running in IDS mode
 == CUT ==
 *** interface device lookup found: bond0
 ***
 Initializing Network Interface bond0
 Decoding Ethernet on interface bond0
 == CUT ==
 Not Using PCAP_FRAMES

Any ideas?

-- 
Thanks,
Brad Landis

----------------------------------------------------------------------------
--
This SF.net Dev2Dev email is sponsored by:

Show off your parallel programming skills.
Enter the Intel(R) Threading Challenge 2010.
http://p.sf.net/sfu/intel-thread-sfd
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

