Snort mailing list archives
RE: Snort-inline question
From: "Amit Kumar Gupta" <amitkumar.gupta () wipro com>
Date: Tue, 31 Dec 2002 12:25:34 +0530
Hi, I have installed successfully snort-inline with iptables functionality. Well for iptables, it seems that it reads the packets from the queue. Now the doubt is whether explicitly a rule has to be added for the iptables with target as queue or it does it itself. Another thing is : there is hogwash-iptables package which uses iptables. That i have already installed. Regards, Amit -----Original Message----- From: Alberto Gonzalez [mailto:albertg () cerebro violating us] Sent: Tue 12/31/2002 3:07 PM To: 'snort-users () lists sourceforge net' Cc: Subject: Re: [Snort-users] Snort-inline question I personally haven't used snort-inline. But Hogwash doesn't use iptables to drop packets. If you successfully compiled snort-inline then your good to go. IIRC it will only drop packets in NIDS mode[1], not sniffing mode etc...... Cheers, Alberto Gonzalez [1] Which seems the logical thing todo.. or no? Amit Kumar Gupta wrote:
Hi List, I am having some queries abtSnort-inline. Here they are :- (1) While installing snort-inline whether i have to mention libipq directorty. If i don't mention, even then it goes fine. Does it mean that it has taken it from the appropriate path. (2) snort-inline has the hogwash functionality. So does it mean that it uses iptables. Another thing is Snort-inline is supposed to sit inline and prevent malicious packets. How does it do it. Is there any specific command for it to do this. (3) I have successfully installed snort-inline, and using snort commands. So does it mean that whenever i will run snort command in any one of the mode(sniffing, IDS, logging), the malicious packets will be dropped. Please give your suggestions and views. Regards, Amit
-- The secret to success is to start from scratch and keep on scratching. ------------------------------------------------------- This sf.net email is sponsored by:ThinkGeek Welcome to geek heaven. http://thinkgeek.com/sf _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users ------------------------------------------------------- This sf.net email is sponsored by:ThinkGeek Welcome to geek heaven. http://thinkgeek.com/sf _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- Snort-inline question Amit Kumar Gupta (Dec 30)
- Re: Snort-inline question Alberto Gonzalez (Dec 30)
- <Possible follow-ups>
- RE: Snort-inline question Amit Kumar Gupta (Dec 30)