Snort mailing list archives
Snort with AFPacket
From: Sec Aficionado <secaficionado () gmail com>
Date: Mon, 3 Nov 2014 17:24:16 -0500
Hi there, I'm following the steps outlined in the guide "Snort IPS using DAQ AFPacket". I compiled snort with all the requirements and I am using pulledpork for the rules. When I start snort with snort -c <conf path>/snort.conf -i eth1:eth0 -Q I do get the alerts and snort stops some traffic as expected. However, other functions running in that box are bypassed. The machine running snort has a DHCP server, but when snort is running the DHCP server is bypassed, so machines connected down the line get addresses from the next DHCP server higher up in the hierarchy. I want to confirm that this is the expected behavior. I did not expect the other functions to be bypassed, although in retrospective it makes some sense. Is there some documentation, in addition to the manual, about this behavior? Thanks!
------------------------------------------------------------------------------
_______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users Please visit http://blog.snort.org to stay current on all the latest Snort news!
Current thread:
- Snort with AFPacket Sec Aficionado (Nov 03)
- Re: Snort with AFPacket James Lay (Nov 03)
- Re: Snort with AFPacket Sec_Aficionado (Nov 03)
- Re: Snort with AFPacket James Lay (Nov 03)
- Re: Snort with AFPacket Sec Aficionado (Nov 03)
- Re: Snort with AFPacket James Lay (Nov 03)
- Re: Snort with AFPacket waldo kitty (Nov 03)
- Re: Snort with AFPacket James Lay (Nov 04)
- Re: Snort with AFPacket Sec_Aficionado (Nov 04)
- Re: Snort with AFPacket James Lay (Nov 04)
- Re: Snort with AFPacket waldo kitty (Nov 04)
- Re: Snort with AFPacket Sec_Aficionado (Nov 03)
- Re: Snort with AFPacket James Lay (Nov 03)