Snort mailing list archives

Snort with AFPacket


From: Sec Aficionado <secaficionado () gmail com>
Date: Mon, 3 Nov 2014 17:24:16 -0500

Hi there,

I'm following the steps outlined in the guide "Snort IPS using DAQ
AFPacket". I compiled snort with all the requirements and I am using
pulledpork for the rules.

When I start snort with
snort -c <conf path>/snort.conf -i eth1:eth0 -Q
I do get the alerts and snort stops some traffic as expected. However,
other functions running in that box are bypassed. The machine running snort
has a DHCP server, but when snort is running the DHCP server is bypassed,
so machines connected down the line get addresses from the next DHCP server
higher up in the hierarchy.

I want to confirm that this is the expected behavior. I did not expect the
other functions to be bypassed, although in retrospect it makes some
sense.

Is there some documentation, in addition to the manual, about this behavior?

Thanks!