Re: Snort Block rules download for IPS mode

[Joel Esler <jesler () sourcefire com>]

On Jan 24, 2013, at 2:43 AM, immanuel <immanuel2908 () gmail com> wrote:

> Hi All,
>
> I am a beginner in Snort and i have configured snort and the test was success. I have downloaded the default Snort 
> rules available on the website and i am able to see alert logs. But I could not find any alerts for block or drop as 
> all the default rules that are downloaded has only rules defined to alert. Can you please guide to the place where i 
> can download official rules to block /drop unwanted traffic or guide me with the syntax to create block/drop rules?
>
> Following are my deployment scenario:
>
> OS: CentOS 6.3
> Snort version: 2.9.4

To make a rule drop, you must first be running in inline mode (-Q in Snort, with the right DAQ module), but you simply 
change "alert" to "drop" in the rule itself.

--
Joel Esler
Senior Research Engineer, VRT
OpenSource Community Manager
Sourcefire

------------------------------------------------------------------------------
Master Visual Studio, SharePoint, SQL, ASP.NET, C# 2012, HTML5, CSS,
MVC, Windows 8 Apps, JavaScript and much more. Keep your skills current
with LearnDevNow - 3,200 step-by-step video tutorials by Microsoft
MVPs and experts. ON SALE this month only -- learn more at:
http://p.sf.net/sfu/learnnow-d2d

_______________________________________________
Snort-sigs mailing list
Snort-sigs () lists sourceforge net
https://lists.sourceforge.net/lists/listinfo/snort-sigs
http://www.snort.org


Please visit http://blog.snort.org for the latest news about Snort!