Snort-inline

["Slighter, Tim" <tslighter () itc nrcs usda gov>]

I have submitted a hopeful final draft to the snort site for building and
configuring snort-inline as an IPS.  The latest draft may not be available
for a day or so but keep watch!  There has been a lot of confusion about how
to build snort-inline and to get it working.  Simply enough, there must be 2
builds of snort on the system.  First, there has to be either snort-1.9.0 or
snort-1.9.1.  Either one of these is built with no special options.
--enable-flexresp or --with-mysql are NOT required.  Just issue the standard
"./configure" and "make" and "make install".  Assuming snort is located at
/usr/local/snort.  Grab your snort-inline and just build in your home
directory using "./configure --prefix=/usr/local/snort" and follow-up with
"make" and "make install".  Before getting ahead of oneself, find the
snort-inline binary.  This should be found in the "/src" directory in
snort-inline.  Copy this file to /usr/local/bin "cp snort
/usr/local/bin/snort-inline".  When running snort-inline, the snort-inline
binary MUST be used.  Failure to do this will inundate you with many
undesirable results.  For all the rest, go to the snort site and locate the
document.  Currently working at a 100% success rate blocking scans evasion,
etc..with snort-inline !!