Snort mailing list archives
Re: iptables + Snort
From: Matt Kettler <mkettler () evi-inc com>
Date: Mon, 24 Mar 2003 14:04:42 -0500
Snortsam and inline-snort are packages that add on to snort to make it an IPS, which will do what you want. There's a couple others out there , but I forget the names offhand..
By default snort is an IDS, and that's why it doesn't modify your firewall right out-of-the-tarball. IDS's aren't supposed to do anything but log...
At 11:01 AM 3/24/2003 -0700, Prasanna Sridhar wrote:
Snort keeps listening to the traffic from the Firewall(iptables) . If there is anything wrong (if iptables fails for some packet) ..snort ALERTS the iptables. When I mean ALERT, Snort should automatically update the firewall rules. I dont want to log the alerts..as it would slow down this process. I would appreciate if anyone could give me some ideas.Sorry if this problem has been discussed already. --- Prasanna CS-UNM
------------------------------------------------------- This sf.net email is sponsored by:ThinkGeek Welcome to geek heaven. http://thinkgeek.com/sf _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- iptables + Snort Prasanna Sridhar (Mar 24)
- Re: iptables + Snort Erek Adams (Mar 24)
- Re: iptables + Snort Matt Kettler (Mar 24)