Snort mailing list archives

Snort-inline vs. SnortSam


From: Adam Kennedy <akennedy () niesc k12 in us>
Date: Thu, 10 Mar 2005 09:03:23 -0500

Greetings all.

I'm trying to figure out which of these would best fit my situation.

I'm going to be using oinkmaster to download the VRT rules.

I'm also going to be using iptables on a Slackware 10.1 server.

What I'm trying to do is figure out what method is easiest/best for
automatically blocking traffic snort picks up. I've used snortsam
before, but re-writing all the rules gets annoying. I've heard that
oinkmaster can do this for you based on the sid, but I don't want to
have to maintain a list of sids (as that will get cumbersome as well).

Any ideas?
Thanks!
--
Northern Indiana ESC
Adam Kennedy - akennedy () niesc k12 in us
Linux Specialist / Network Administrator
Phone: (574) 254-0111 x113
Toll Free: 800-326-5642
Fax: (574) 254-0148

