Re: snort inline mode

[Joel Esler <jesler () sourcefire com>]

Can you share your compile errors with us?

-- 
Joel Esler

On May 18, 2012, at 6:59 PM, eddie <mrcyberfighter () gmail com> wrote:

> Hello the snort users:
> I want to get an ips who block attacks so i study a little bit snort and 
> download it from the Ubuntu repository but wenn i set snort in inline 
> mode, the only --daq-mode who works without fatal error is the dump mode 
> with what i test a nmap scan and sea that snort allow it after pressing 
> crtl+c...
> So i compile the source with libnet, daq, and snort: the daq compile 
> instructions don't work, i don't mind and used the daq from the 
> repository. but i have the same problem with the --daq-mode who only 
> work without fatal error with the dump mode who is not an really inline 
> mode after the snort manual.
>
> I have sea that the most actions from the snort rules are alert and i 
> want to know how snort could work in inline mode with alert action 
> instead of block.
>
> extract from snort launching:
> Rule application order: 
> activation->dynamic->pass->drop->sdrop->reject->alert->log
>
> If you want to answers me i have 2 questions:
> -How patch the daq to bring it work in another mode ?
> -Can i get snort rules who have inline actions like block or does the 
> inline mode work otherwise with alert ?
>
> Thank's for your answers.
>
> ------------------------------------------------------------------------------
> Live Security Virtual Conference
> Exclusive live event will cover all the ways today's security and 
> threat landscape has changed and how IT managers can respond. Discussions 
> will include endpoint security, mobile security and the latest in malware 
> threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
> _______________________________________________
> Snort-users mailing list
> Snort-users () lists sourceforge net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://www.geocrawler.com/redir-sf.php3?list=snort-users
>
> Please visit http://blog.snort.org to stay current on all the latest Snort news!

------------------------------------------------------------------------------
Live Security Virtual Conference
Exclusive live event will cover all the ways today's security and 
threat landscape has changed and how IT managers can respond. Discussions 
will include endpoint security, mobile security and the latest in malware 
threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!