Re: SSH MISMATCH

[waldo kitty <wkitty42 () windstream net>]

On 10/20/2012 02:46, AllowOverride wrote:
> Preproc implies "inline",

sorry but no... "preproc" implies a "processor before another processor"... 
depending on what you are wanting snort to look at and how you want it to see 
it, they may be necessary...

> i am not running inline,

i do not run inline, either... never have...

> therefore, i shut them off...

eeewww...

> with instructions in pulledpork.conf. i took # away as well
> in preproccessor rules... IDS mode, it's a diff story/conf all together.
> not there yet... eventually. have to figure out/read about inline
> later..

it is my understanding that all inline really does is to place snort /in/ the 
path of the traffic instead of out beside it watching it flow by... by being 
inline, snort can then cause packets to be dropped by dropping them itself and 
not passing them on to the original destination port...

------------------------------------------------------------------------------
Everyone hates slow websites. So do we.
Make your web apps faster with AppDynamics
Download AppDynamics Lite for free today:
http://p.sf.net/sfu/appdyn_sfd2d_oct
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!