Snort mailing list archives
Re: Snort IDS
From: Dave Osbourne <dave () osbourne uk eu org>
Date: Tue, 25 Oct 2016 15:11:56 +0100
Oh dear - I miss read that, indeed, my reply was for I*P*S.... On 2016-10-25 14:40, Jim Campbell wrote:
I am a new user of Snort and far from an expert but it is my understanding that an IDS (Intrusion Detection System) does not drop packets. For that you need to configure Snort as an Intrusion Prevention System (IPS).Converting an IDS to an IPS isn't difficult. You need to add a LAN card and change the configuration. An IPS receives a packet on one LAN card, inspects the packet and if all is well forwards it on the second LAN card. If all is not well it drops the offending packet and reports it to Barnyard2.Hope this helps, Jim Campbell On 10/25/2016 2:51 AM, Dave Osbourne wrote:On my setup there is a log in /var/log/auth.log of the trigger event and the actual packet transgressing is in a .PCAP in /var/log/snort/So yes, the IDS sensor *can* log the dropped packets, but I understand you can configure it not to...D On 2016-10-25 05:13, Murali Krishna wrote:Hi Team, Please help me understand the flow of packets in IDS sensor. Does IDS sensor logs dropped packets? Thanks & Regards, Murali krishna. ------------------------------------------------------------------------------ The Command Line: Reinvented for Modern Developers Did the resurgence of CLI tooling catch you by surprise? Reconnect with the command line and become more productive. Learn the new .NET and ASP.NET CLI. Get your free copy! http://sdm.link/telerik _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users Please visithttp://blog.snort.org to stay current on all the latest Snort news!------------------------------------------------------------------------------ The Command Line: Reinvented for Modern Developers Did the resurgence of CLI tooling catch you by surprise? Reconnect with the command line and become more productive. Learn the new .NET and ASP.NET CLI. Get your free copy! http://sdm.link/telerik _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users Please visithttp://blog.snort.org to stay current on all the latest Snort news!------------------------------------------------------------------------------ The Command Line: Reinvented for Modern Developers Did the resurgence of CLI tooling catch you by surprise? Reconnect with the command line and become more productive. Learn the new .NET and ASP.NET CLI. Get your free copy! http://sdm.link/telerik _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users Please visit http://blog.snort.org to stay current on all the latest Snort news!
------------------------------------------------------------------------------ The Command Line: Reinvented for Modern Developers Did the resurgence of CLI tooling catch you by surprise? Reconnect with the command line and become more productive. Learn the new .NET and ASP.NET CLI. Get your free copy! http://sdm.link/telerik
_______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users Please visit http://blog.snort.org to stay current on all the latest Snort news!
Current thread:
- Snort IDS Murali Krishna (Oct 24)
- Re: Snort IDS Dave Osbourne (Oct 25)
- Re: Snort IDS Jim Campbell (Oct 25)
- Re: Snort IDS Dave Osbourne (Oct 25)
- Re: Snort IDS Jim Campbell (Oct 25)
- Re: Snort IDS Jim Campbell (Oct 25)
- Re: Snort IDS Dave Osbourne (Oct 25)