Snort mailing list archives
Pulledpork: preprocessors, ips_policy and snort.conf
From: Michael B <miboe60 () hotmail com>
Date: Sun, 26 Apr 2015 12:51:18 +0200
Hello How does the pulledpork ips_policy works in conjunction with the snort.conf? In more detail, does it still make sense to activate preprocessors in my snort.conf, or are they ignored by pulledpork? For example, if I activate the arpspoof preprocessor in snort.conf, and then run Pulledpork in 'security' mode, the arpspoof rules are all commented. Surely, I can activate them through the 'enablesid.conf', but then it would mean that the snort.conf options are ignored? Regards
------------------------------------------------------------------------------ One dashboard for servers and applications across Physical-Virtual-Cloud Widest out-of-the-box monitoring support with 50+ applications Performance metrics, stats and reports that give you Actionable Insights Deep dive visibility with transaction tracing using APM Insight. http://ad.doubleclick.net/ddm/clk/290420510;117567292;y
_______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users Please visit http://blog.snort.org to stay current on all the latest Snort news!
Current thread:
- Pulledpork: preprocessors, ips_policy and snort.conf Michael B (Apr 26)