Re: Sourcefire VRT Rules and Snort Active Response

["Jason D. McCormick" <jasonmc () sei cmu edu>]

> > I am correct in my understanding that when executed this
> > way the Sourcefire VRT rulesets will not actively
> > response since Snort isn't operating in inline mode, yes?

> Snort can still send active responses in IDS mode, so make
> sure that this line or similar is commented out of your
> snort.conf:

> # config response: eth0 attempts 2.

Yes it is, and that's how it comes from Sourcefire in the VRT ruleset too.  I just wanted to make sure there wasn't 
some other "default" value that made this still work with that line commented out (as opposed to set to 0 or 
something).  Sounds like I'm good then?

- Jason

------------------------------------------------------------------------------
EditLive Enterprise is the world's most technically advanced content
authoring tool. Experience the power of Track Changes, Inline Image
Editing and ensure content is compliant with Accessibility Checking.
http://p.sf.net/sfu/ephox-dev2dev
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

Please see http://www.snort.org/docs for documentation