Re: From IDS to IPS

["Joel Esler (jesler)" <jesler () cisco com>]

On Apr 7, 2014, at 4:48 PM, James Lay <jlay () slave-tothe-box net<mailto:jlay () slave-tothe-box net>> wrote:

On 2014-04-07 10:31, Teo En Ming wrote:
Dear James,

May I know what is nfq?

After reading through your email, I still have no idea how to go
about
converting Snort from IDS to IPS.

Could you write a more detailed manual, covering every single step
along the way?

Teo En Ming


NFQ is the linux netfilter queue...basically you setup snort and
netfilter to instead of detect, to block.  I've sent Joel a writeup on
it.


Just posted:

http://www.snort.org/docs

--
Joel Esler
Open Source Manager
Threat Intelligence Team Lead
Vulnerability Research Team

------------------------------------------------------------------------------
Put Bad Developers to Shame
Dominate Development with Jenkins Continuous Integration
Continuously Automate Build, Test & Deployment 
Start a new project now. Try Jenkins in the cloud.
http://p.sf.net/sfu/13600_Cloudbees

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!