IDS mailing list archives
Re: Snort inline and iptables
From: "Ratnakumar C H" <ratnakumarch () visualsoft-tech com>
Date: Tue, 23 Aug 2005 11:43:01 +0530
Hi all, 1- can i use snort inline+iptables in router (no bridge) mode under linux? --yes ,we can do soo. more help on setup: http://linuxgazette.net/117/savage.html2- what's the performance issuses when using snort inline + flexresponse mode?
--i my view performance issues are more.although if you have a good processer and good configuration still it depends on the traffic.
Regards, Ratna Kumar Visual Soft Technologies Ltd----- Original Message ----- From: "Soi, Dhruv" <dsoi () ipolicynetworks com>
To: <afshinlamei () gmail com>; <focus-ids () securityfocus com> Sent: Monday, August 22, 2005 4:04 PM Subject: RE: Snort inline and iptables
Dear all,1- can i use snort inline+iptables in router (no bridge) mode under linux?Snippet copied from one of the mail that I received from mailing list. ------------------------------------------------------- There are active-response modules for Snort available. Snort can do content-detection; with active response, the packets could be dropped / filtered / redirected. Michael T. Babcock Triple PC Ltd. -------------------------------------------------------To use it with IPTABLES you need to patch the kernel and netfilter to support Hex search.Thanks Dhruv ------------------------------------------------------------------------ Test Your IDS Is your IDS deployed correctly? Find out quickly and easily by testing it with real-world attacks from CORE IMPACT. Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708 to learn more. ------------------------------------------------------------------------
------------------------------------------------------------------------ Test Your IDS Is your IDS deployed correctly?Find out quickly and easily by testing it with real-world attacks from CORE IMPACT. Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708 to learn more.
------------------------------------------------------------------------
Current thread:
- Snort inline and iptables afshinlamei (Aug 22)
- Re: Snort inline and iptables Terry Vernon (Aug 22)
- Re: Snort inline and iptables Michal Melewski (Aug 22)
- Re: Snort inline and iptablesy lennu (Aug 23)
- Re: Snort inline and iptablesy Michal Melewski (Aug 23)
- Re: Snort inline and iptablesy lennu (Aug 23)
- Re: Snort inline and iptables Will Metcalf (Aug 22)
- <Possible follow-ups>
- RE: Snort inline and iptables Soi, Dhruv (Aug 22)
- Re: Snort inline and iptables Ratnakumar C H (Aug 23)