Snort mailing list archives

Re: blocking rules snort 3


From: "Al Lewis (allewi) via Snort-sigs" <snort-sigs () lists snort org>
Date: Tue, 19 Apr 2022 12:58:09 +0000

Hello,

Snort will need to be inline to block effectively. Are your two hosts able to reach each other when snort is NOT 
running (from the two networks in question)? If so then snort is not inline.


Once snort is started it should “bridge” the gap between both networks.




Albert Lewis
ENGINEER.SOFTWARE ENGINEERING
Cisco Systems Inc.
Email: allewi () cisco com



From: Snort-sigs <snort-sigs-bounces () lists snort org> on behalf of Yvan via Snort-sigs <snort-sigs () lists snort 
org>
Reply-To: Yvan <yvan.urbieta () gmail com>
Date: Monday, April 18, 2022 at 6:35 PM
To: "snort-sigs () lists snort org" <snort-sigs () lists snort org>
Subject: [Snort-sigs] blocking rules snort 3

Hello,

Totally new to Snort 3 and learning how to use it (I need to make a small presentation at my training center).

I would like to have a few tips or hints on my case.
I’m using 3 vms on gns3, 1 for snort, and the 2 others as clients for test pings.
Rules to trigger alerts seem to work, but not those for blocking.

Any help will be appreciated

Here is a printscreen of one of my various attempts, and below the rule file

[cid:image003.png@01D85298.8624B990]


[cid:image004.png@01D85297.B0990FB0]

If more information is required, please let me know; also, I’m not an expert at all at this.


Thank you in advance for your time.


Yvan



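Added example, not part of the thread and not the Snort project's own configuration: a minimal Snort 3 `snort.lua` fragment for the inline setup the reply describes, with one test rule that drops ICMP. The interface names `eth0`/`eth1`, the DAQ library path, and the rule's `msg` and `sid` are assumptions.

```lua
-- Added example: inline (bridging) setup for Snort 3 so that drop/block
-- rules act on traffic instead of only raising alerts.
-- Assumptions: eth0 and eth1 are the Snort VM's two interfaces, one on each
-- client network; the DAQ module path matches a default source install.
-- Command-line equivalent: snort -c snort.lua -Q --daq afpacket -i "eth0:eth1"

daq = {
    module_dirs = { '/usr/local/lib/daq' },      -- assumed install path
    modules = {
        { name = 'afpacket', mode = 'inline' },  -- inline instead of passive
    },
    inputs = { 'eth0:eth1' },                    -- interface pair bridged by Snort
}

ips = {
    -- 'tap' only observes and alerts; 'inline' lets drop/block verdicts apply
    mode = 'inline',
    rules = [[
        drop icmp any any -> any any ( msg:"ICMP blocked (test rule)"; sid:1000001; rev:1; )
    ]],
}
```

With this layout the two client networks should have no path to each other except through the Snort VM, which is the check suggested in the reply: if the hosts can still ping each other while Snort is stopped, Snort is not inline.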