Snort mailing list archives
Snort-inline
From: "Slighter, Tim" <tslighter () itc nrcs usda gov>
Date: Fri, 14 Mar 2003 07:35:28 -0700
I have submitted a hopeful final draft to the snort site for building and configuring snort-inline as an IPS. The latest draft may not be available for a day or so but keep watch! There has been a lot of confusion about how to build snort-inline and to get it working. Simply enough, there must be 2 builds of snort on the system. First, there has to be either snort-1.9.0 or snort-1.9.1. Either one of these is built with no special options. --enable-flexresp or --with-mysql are NOT required. Just issue the standard "./configure" and "make" and "make install". Assuming snort is located at /usr/local/snort. Grab your snort-inline and just build in your home directory using "./configure --prefix=/usr/local/snort" and follow-up with "make" and "make install". Before getting ahead of oneself, find the snort-inline binary. This should be found in the "/src" directory in snort-inline. Copy this file to /usr/local/bin "cp snort /usr/local/bin/snort-inline". When running snort-inline, the snort-inline binary MUST be used. Failure to do this will inundate you with many undesirable results. For all the rest, go to the snort site and locate the document. Currently working at a 100% success rate blocking scans evasion, etc..with snort-inline !!
Current thread:
- Snort-inline toohs (Jan 06)
- <Possible follow-ups>
- Snort-inline Slighter, Tim (Jan 16)
- snort-inline Slighter, Tim (Jan 21)
- Snort-inline Slighter, Tim (Mar 11)
- Snort-inline Slighter, Tim (Mar 14)
- snort-inline Ales Stibal (Mar 18)