Snort mailing list archives

RE: Snort-inline question


From: "Amit Kumar Gupta" <amitkumar.gupta () wipro com>
Date: Tue, 31 Dec 2002 12:25:34 +0530

Hi,

I have successfully installed snort-inline with iptables functionality. For iptables, it seems that it reads the
packets from the queue. Now the doubt is whether a rule has to be added explicitly for iptables with the target as
queue, or whether it does it itself.

Another thing is: there is a hogwash-iptables package which uses iptables. That I have already installed.

Regards,
Amit


-----Original Message-----
From:   Alberto Gonzalez [mailto:albertg () cerebro violating us]
Sent:   Tue 12/31/2002 3:07 PM
To:     'snort-users () lists sourceforge net'
Cc:     
Subject:        Re: [Snort-users] Snort-inline question

I personally haven't used snort-inline. But Hogwash doesn't use iptables
to drop packets.
If you successfully compiled snort-inline then you're good to go. IIRC it
will only drop packets in NIDS mode[1], not sniffing mode etc.

Cheers,
    Alberto Gonzalez

[1] Which seems the logical thing to do.. or no?

Amit Kumar Gupta wrote:

Hi List,

I am having some queries about Snort-inline. Here they are:

(1) While installing snort-inline, do I have to mention the libipq
directory? If I don't mention it, even then it goes fine. Does it mean
that it has taken it from the appropriate path?

(2) snort-inline has the hogwash functionality. So does it mean that
it uses iptables? Another thing is Snort-inline is supposed to sit inline
and prevent malicious packets. How does it do it? Is there any specific
command for it to do this?

(3) I have successfully installed snort-inline, and am using snort
commands. So does it mean that whenever I run the snort command in
any one of the modes (sniffing, IDS, logging), the malicious packets
will be dropped?

Please give your suggestions and views.

Regards,
Amit


-- 
The secret to success is to start from scratch and keep on scratching.




-------------------------------------------------------
This sf.net email is sponsored by:ThinkGeek
Welcome to geek heaven.
http://thinkgeek.com/sf
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users




