Re: Snort-inline question

[Alberto Gonzalez <albertg () cerebro violating us>]

I personally haven't used snort-inline. But Hogwash doesn't use iptables 
to drop packets.
If you successfully compiled snort-inline then your good to go. IIRC it 
will only drop packets
in NIDS mode[1], not sniffing mode etc......

Cheers,
   Alberto Gonzalez

[1] Which seems the logical thing todo.. or no?

Amit Kumar Gupta wrote:

> Hi List,
>
>  
>
> I am having some queries abtSnort-inline. Here they are :-
>
> (1) While installing snort-inline whether i have to mention libipq
>
>  directorty. If i don't mention, even then it goes fine. Does it mean
>
>  that it has taken it from the appropriate path.
>
>  
>
> (2) snort-inline has the hogwash functionality. So does it mean that
>
>  it uses iptables. Another thing is Snort-inline is supposed to sit 
> inline
>
>  and prevent malicious packets. How does it do it. Is there any 
> specific command
>
>  for it to do this.
>
>  
>
> (3) I have successfully installed snort-inline, and using snort
>
> commands. So does it mean that whenever i will run snort command in
>
>  any one of the mode(sniffing, IDS, logging), the malicious packets
>
>  will be dropped.
>
>  
>
> Please give your suggestions and views.
>
>  
>
> Regards,
>
> Amit

--
The secret to success is to start from scratch and keep on scratching.




-------------------------------------------------------
This sf.net email is sponsored by:ThinkGeek
Welcome to geek heaven.
http://thinkgeek.com/sf
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users