Snort mailing list archives

Re: Switching snort from IDS to IPS mode


From: bobby via Snort-users <snort-users () lists snort org>
Date: Sat, 3 Feb 2018 06:42:58 -0500

I am running Snort inline.  I am running Linux.
What would be the easiest way to replace all rules with drop from alert?
Would I have to run a script to modify each rule, or is there an easier
way?

On Fri, Feb 2, 2018 at 10:13 PM, <wkitty42 () windstream net> wrote:

On 02/02/2018 06:56 PM, bobby via Snort-users wrote:

I would like to switch Snort from IDS to IPS mode.  Is this done only by
modifying the rules, from alert, to drop status, or is there an easier,
better way of accomplishing this?


IIUC, modifying the rules to drop as well as running inline... you have to
be inline for snort to be able to control the connections and drop the ones
you don't want...


--
 NOTE: No off-list assistance is given without prior approval.
       *Please keep mailing list traffic on the list unless*
       *a signed and pre-paid contract is in effect with us.*
_______________________________________________
Snort-users mailing list
Snort-users () lists snort org
Go to this URL to change user options or unsubscribe:
https://lists.snort.org/mailman/listinfo/snort-users

Please visit http://blog.snort.org to stay current on all the latest
Snort news!

Please follow these rules: https://snort.org/faq/what-is-the-mailing-list-etiquette
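
Added example, not part of the thread: one way to do the bulk change asked about above, as a shell function that rewrites only the leading action of enabled rules from alert to drop and writes the result to a new file. The function names, the script name and the sample rules are constructed for illustration; as the quoted reply says, drop only has an effect when Snort runs inline.

```shell
#!/bin/sh
# Added example (not from the thread): switch enabled Snort rules from
# "alert" to "drop". Function names and sample rules are constructed.

# alert_to_drop SRC DST
# Rewrites only the action keyword at the start of a rule line. Disabled
# rules ("# alert ...") and the word "alert" inside msg/content options are
# left as they are. SRC is not modified, so it doubles as the backup.
alert_to_drop() {
    sed -E 's/^([[:space:]]*)alert([[:space:]]+)/\1drop\2/' "$1" > "$2"
}

# count_action ACTION FILE
# Prints how many enabled rules in FILE start with ACTION.
count_action() {
    grep -Ec "^[[:space:]]*${1}[[:space:]]" "$2" || true
}

# write_sample_rules FILE
# Constructed sample rule set used to check the conversion.
write_sample_rules() {
    cat > "$1" <<'EOF'
alert tcp any any -> any 80 (msg:"SAMPLE alert keyword in msg"; content:"alert"; sid:1000001; rev:1;)
# alert tcp any any -> any 23 (msg:"SAMPLE disabled rule"; sid:1000002; rev:1;)
alert udp any any -> any 53 (msg:"SAMPLE dns"; sid:1000003; rev:1;)
pass icmp any any -> any any (msg:"SAMPLE pass rule"; sid:1000004; rev:1;)
EOF
}

# Usage (hypothetical script name): sh alert2drop.sh local.rules local.drop.rules
if [ "$#" -eq 2 ]; then
    alert_to_drop "$1" "$2"
    echo "drop rules written: $(count_action drop "$2")"
fi
```

Comparing `count_action alert` on the source file with `count_action drop` on the output file confirms that every enabled rule was converted before the new file is referenced from the Snort configuration.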
