Re: Snort Inline As an IPS

[Will Metcalf <william.metcalf () gmail com>]

You have to send traffic to snort that you want inspected via iptables
QUEUE target see...

doc/README.INLINE in the src tarball...

Regards,

Will

On Fri, Oct 1, 2010 at 11:26 AM, Andres Carrera Rivera
<protoss_black88 () hotmail com> wrote:
> Hi, everyone.
>
> I want to know if somebody has work with snort like a PREVENTION SYSTEM
> (IPS).
> I configured my snort, like this:
>
> ./configure --enable-inline  and some more things like (Mysql,
> DynamicPlugin)...
>
> now I don't know how to work it as an IPS.
>
> will running snort
> I put:
>
> snort -Q -c ./snort.conf
>
> But nothing happens, it doesn't drop or block any connection.
> I want someone that guide me how to configure the snort in an Inline
> mode, so
> it can drop any malicious connection.
>
>
>
> Thanks,
>
> Andres Carrera.
>
> ------------------------------------------------------------------------------
> Start uncovering the many advantages of virtual appliances
> and start using them to simplify application deployment and
> accelerate your shift to cloud computing.
> http://p.sf.net/sfu/novell-sfdev2dev
> _______________________________________________
> Snort-devel mailing list
> Snort-devel () lists sourceforge net
> https://lists.sourceforge.net/lists/listinfo/snort-devel

------------------------------------------------------------------------------
Start uncovering the many advantages of virtual appliances
and start using them to simplify application deployment and
accelerate your shift to cloud computing.
http://p.sf.net/sfu/novell-sfdev2dev
_______________________________________________
Snort-devel mailing list
Snort-devel () lists sourceforge net
https://lists.sourceforge.net/lists/listinfo/snort-devel