Snort mailing list archives

Re: Inline IPS


From: Morgan Cox <morgancoxuk () gmail com>
Date: Wed, 7 Sep 2011 12:15:40 +0100

Hi.

Your compile instructions did not have --enable-inline in though (that's why
I mentioned lack of inline)

If I'm wrong then I'm sorry dude.

Regards



On 7 September 2011 11:50, Heine Lysemose <lysemose () gmail com> wrote:

Hi

Yes my guide is regarding Snort but as an inline deployment.
When you're starting snort -Q, you are telling snort to start as IPS and
not IDS... and you're pairing two network interfaces when doing this
eth1:eth2 (bridging)

/usr/local/snort/bin/snort --daq afpacket -Q -c /usr/local/snort/etc/snort.conf -i eth1:eth2 --daq-dir /usr/local/lib/daq
<-- this is running snort as inline

/Lysemose


On Wed, Sep 7, 2011 at 12:34 PM, Morgan Cox <morgancoxuk () gmail com> wrote:

Hi

Read the links I sent in my last post.

They have a step-by-step guide to set up inline (IPS) mode....



On 7 September 2011 11:10, Damien Hull <dhull () section9 us> wrote:

Hmm... What I really want is IPS and not just an IDS. The inline method
seems like the only option. I'm open to any suggestions.

Sent from my iPad

On Sep 7, 2011, at 1:58 AM, Morgan Cox <morgancoxuk () gmail com> wrote:

Hi.

I think Heine Lysemose's info is just for building normal snort (not
inline)

Check these links out for snort inline building :-

http://www.corypratt.com/projects/snort-2-8-5-2-inline-base-on-ubuntu/
http://andika-lives-here.blogspot.com/2009/12/build-snort-inline-in-ubuntu-910.html
http://linuxgazette.net/117/savage.html  (it's old)


You also may get info at

http://www.scribd.com/doc/2928518/Snort-inline-as-a-solution
http://www.inliniac.net/blog/tag/snort_inline

I thought snort-inline was essentially dead as a project and
all development was going on at Suricata (http://www.openinfosecfoundation.org/)

see http://snort-inline.sourceforge.net/

suricata


------------------------------------------------------------------------------
Using storage to extend the benefits of virtualization and iSCSI
Virtualization increases hardware utilization and delivers a new level of
agility. Learn what those decisions are and how to modernize your storage
and backup environments for virtualization.
http://www.accelacomm.com/jaw/sfnl/114/51434361/

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

Please visit http://blog.snort.org to stay current on all the latest
Snort news!




