Snort mailing list archives
Re: snort-inline vs. snort with inline ??
From: Matt Jonkman <mjonkman () infotex com>
Date: Tue, 11 Apr 2006 09:42:28 -0400
Snort is the tool for most cases, but it does have a steep learning curve. Thankfully there are a number of howto's out there.

I'd recommend learning snort in a passive mode to start. Figure out how to tune your rulesets, vars, etc. When you are confident there then choose a way to block.

Your options for blocking are:

snort_inline
Snortsam (www.snortsam.net)
Flex response

Flex isn't completely effective. Give Snortsam and inline a good look. Both have advantages, depends on your environment. Nice thing with snortsam is you can share blocks among several devices...

<shameless plug>
Also be sure to hit bleedingsnort.com for the extra rulesets
</shameless plug>

Matt

Michael W Cocke wrote:
> You're quick - checked my web site before you replied (I assume)?
>
> I'll stick my neck out and say - based entirely on available info on setup and maint. here on the web - that snort looks better for my purposes. I was just wondering if I was missing something. I took a look at the source, but it's so far over my head I got dizzy.
>
> I'm definitely liking the improved security since my last overhaul (when I first installed snort), but since I'm looking at doing it again I thought I'd ask some stupid questions.
>
> Since I am, does anyone know of another firewall (besides vuurmuur) that works properly with snort (with inline)? I can tell you that shorewall is supposed to but doesn't.
>
> Mike-
>
> On Tue, 11 Apr 2006 08:15:20 -0500, you wrote:
>> Using snort-inline is like herding pigs ;-)
>>
>> -William Metcalf
>>
>> On 4/11/06, Michael W Cocke <cocke () catherders com> wrote:
>>> I'm trying to work out what the difference is between running snort-inline and snort compiled 'with-inline'... Is there any? Which is better? (I know better is subjective, but give me a clue or two).
>>>
>>> Mike-
>>> --
>>> If you're not confused, you're not trying hard enough.
>>> --
>>> Please note - Due to the intense volume of spam, we have installed site-wide spam filters at catherders.com. If email from you bounces, try non-HTML, non-encoded, non-attachments,
>>>
>>> -------------------------------------------------------
>>> This SF.Net email is sponsored by xPML, a groundbreaking scripting language that extends applications into web and mobile media. Attend the live webcast and join the prime developer group breaking into this new coding territory!
>>> http://sel.as-us.falkag.net/sel?cmd=lnk&kid=110944&bid=241720&dat=121642
>>> _______________________________________________
>>> Snort-users mailing list
>>> Snort-users () lists sourceforge net
>>> Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users
>>> Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
>
> --
> If you're not confused, you're not trying hard enough.
--
--------------------------------------------
Matthew Jonkman, CISSP
Senior Security Engineer
Infotex
765-429-0398 Direct Anytime
765-448-6847 Office
866-679-5177 24x7 NOC
http://my.infotex.com
http://www.infotex.com
http://www.bleedingsnort.com
--------------------------------------------
:wq
Current thread:
- snort-inline vs. snort with inline ?? Michael W Cocke (Apr 11)
- Re: snort-inline vs. snort with inline ?? Will Metcalf (Apr 11)
- Re: snort-inline vs. snort with inline ?? Michael W Cocke (Apr 11)
- Re: snort-inline vs. snort with inline ?? Matt Jonkman (Apr 11)
- Re: snort-inline vs. snort with inline ?? Will Metcalf (Apr 11)
- Re: snort-inline vs. snort with inline ?? Michael W Cocke (Apr 11)
- Re: snort-inline vs. snort with inline ?? Jason Brvenik (Apr 11)
- Re: snort-inline vs. snort with inline ?? Victor Julien (Apr 11)
- Re: snort-inline vs. snort with inline ?? Jason Brvenik (May 10)
- <Possible follow-ups>
- Re: snort-inline vs. snort with inline ?? Ureleet Ureleet (Apr 11)
- Re: snort-inline vs. snort with inline ?? Will Metcalf (Apr 11)
- Re: snort-inline vs. snort with inline ?? Will Metcalf (Apr 11)