Snort mailing list archives
Re: snort inline mode
From: Joel Esler <jesler () sourcefire com>
Date: Sun, 20 May 2012 11:33:16 -0400
Can you share your compile errors with us?

--
Joel Esler

On May 18, 2012, at 6:59 PM, eddie <mrcyberfighter () gmail com> wrote:
Hello Snort users:

I want to get an IPS that blocks attacks, so I studied Snort a little bit and downloaded it from the Ubuntu repository, but when I set Snort in inline mode, the only --daq-mode that works without a fatal error is the dump mode, with which I tested an nmap scan and saw that Snort allowed it after pressing Ctrl+C...

So I compiled the source with libnet, daq, and snort: the daq compile instructions don't work; I didn't mind and used the daq from the repository. But I have the same problem with the --daq-mode, which only works without a fatal error with the dump mode, which is not really an inline mode according to the Snort manual.

I have seen that most actions in the Snort rules are alert, and I want to know how Snort could work in inline mode with the alert action instead of block.

Extract from Snort launching:

Rule application order: activation->dynamic->pass->drop->sdrop->reject->alert->log

If you want to answer me, I have 2 questions:

- How do I patch the daq to get it to work in another mode?
- Can I get Snort rules that have inline actions like block, or does the inline mode work otherwise with alert?

Thanks for your answers.

------------------------------------------------------------------------------
Live Security Virtual Conference
Exclusive live event will cover all the ways today's security and threat landscape has changed and how IT managers can respond. Discussions will include endpoint security, mobile security and the latest in malware threats.
http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!