Snort mailing list archives

Snort-inline


From: "Slighter, Tim" <tslighter () itc nrcs usda gov>
Date: Tue, 11 Mar 2003 10:06:55 -0700

A few items that I forgot to point out in the document on the snort site:

1)  When running snort-inline, one must use the binary provided by
snort-inline and NOT the binary provided by the normal snort build.  By
default, the binary will remain in the snort-inline directory unless
"./configure" was run with "./configure --prefix".  In that case the
snort-inline binary will be in the "bin" directory of wherever the "prefix"
specifies.

2)  When testing snort-inline to see if it successfully drops traffic (for
example, nmap scans), check your files (/var/log/messages and
/var/log/snort/alert) to make sure that the event can truly be dropped.
For instance:  nmap -sF -sX -sS -sN will all be picked up by the stream4
preprocessor and therefore will NOT be dropped by snort-inline.  However,
nmap -sU will be dropped.
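
The check described in item 2, as an added example that is not part of the original post: it groups entries from a Snort alert file by the generator that raised them, so stream4 preprocessor alerts can be told apart from rule alerts before expecting a drop. It assumes the standard `[**] [gid:sid:rev] message [**]` alert header, generator ID 1 for the rules engine and 111 for stream4 (as listed in Snort's gen-msg.map); the sample alerts, addresses and SID 1000001 are constructed.

```python
import re
from collections import defaultdict

# Alert header used by Snort's fast and full alert formats:
#   [**] [gid:sid:rev] message [**]
ALERT_HEADER = re.compile(r"\[\*\*\]\s+\[(\d+):(\d+):(\d+)\]\s+(.*?)\s+\[\*\*\]")

RULES_ENGINE_GID = 1   # alerts raised by text rules
STREAM4_GID = 111      # assumption: stream4's generator ID in gen-msg.map

# Constructed sample of /var/log/snort/alert content (fast format).
SAMPLE_ALERTS = """\
03/11-10:01:12.100001 [**] [111:1:1] (spp_stream4) STEALTH ACTIVITY (FIN scan) detection [**] {TCP} 192.0.2.10:40001 -> 192.0.2.20:80
03/11-10:01:13.100002 [**] [111:3:1] (spp_stream4) STEALTH ACTIVITY (XMAS scan) detection [**] {TCP} 192.0.2.10:40002 -> 192.0.2.20:80
03/11-10:02:30.100003 [**] [1:1000001:1] CONSTRUCTED local rule: UDP probe [**] {UDP} 192.0.2.10:40003 -> 192.0.2.20:53
this line is not an alert header and is skipped
"""

def classify_alerts(text):
    """Group alert messages by the component that generated them."""
    groups = defaultdict(list)
    for line in text.splitlines():
        m = ALERT_HEADER.search(line)
        if not m:
            continue  # continuation line of a full alert, or unrelated text
        gid, msg = int(m.group(1)), m.group(4)
        if gid == RULES_ENGINE_GID:
            groups["rule"].append(msg)
        elif gid == STREAM4_GID:
            groups["stream4"].append(msg)
        else:
            groups["other_generator"].append(msg)
    return dict(groups)

def report(text):
    """Return one summary line per group, for review during a drop test."""
    notes = {
        "rule": "raised by a rule; check whether that rule uses a drop action",
        "stream4": "raised by the stream4 preprocessor; not dropped per the post above",
        "other_generator": "raised by another generator; verify separately",
    }
    groups = classify_alerts(text)
    return [f"{len(msgs)} {name}: {notes[name]}" for name, msgs in sorted(groups.items())]

if __name__ == "__main__":
    print("\n".join(report(SAMPLE_ALERTS)))
```
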
