Snort mailing list archives

Previous By Date Next
Previous By Thread Next

Re: iptables + Snort

From: Matt Kettler <mkettler () evi-inc com>
Date: Mon, 24 Mar 2003 14:04:42 -0500
Snortsam and inline-snort are packages that add on to snort to make it an IPS, which will do what you want. There's a couple others out there , but I forget the names offhand..
By default snort is an IDS, and that's why it doesn't modify your firewall right out-of-the-tarball. IDS's aren't supposed to do anything but log... 


At 11:01 AM 3/24/2003 -0700, Prasanna Sridhar wrote:
Snort keeps listening to the traffic from the Firewall(iptables) . If there is anything wrong (if iptables fails for some packet) ..snort ALERTS the iptables. When I mean ALERT, Snort should automatically update the firewall rules. I dont want to log the alerts..as it would slow down this process. I would appreciate if anyone could give me some ideas. 

Sorry if this problem has been discussed already.

---
  Prasanna
  CS-UNM




-------------------------------------------------------
This sf.net email is sponsored by:ThinkGeek
Welcome to geek heaven.
http://thinkgeek.com/sf
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
Previous By Date Next
Previous By Thread Next

Current thread: