Re: Snort Using as IPS

[Teo En Ming <teo.en.ming () gmail com>]

Dear Pothineni,

I am not very sure whether there is any documentation for snort source
code. I think Snort sends calls to iptables to drop packets.

Regards,

Teo En Ming


On Thu, Apr 10, 2014 at 5:55 PM, Pothineni sai bhushan <
psaibhushan () gmail com> wrote:

> Thanks a lot. Is there any documentation for snort source code?I would
> like to know where the snort actually sends calls to drop packets .
>
>
>
> On Thu, Apr 10, 2014 at 3:09 PM, Teo En Ming <teo.en.ming () gmail com>wrote:
>
> > Hi,
> >
> > The manual was written by James Lay. You can find the manual at:
> > http://s3.amazonaws.com/snort-org/www/assets/229/ids2ips.txt
> >
> > By the way, the daq you are trying to install is outdated. The latest daq
> > version is 2.0.2. The latest Snort version is 2.9.6.0.
> >
> > Regards,
> >
> > Teo En Ming
> >
> >
> > On Thu, Apr 10, 2014 at 5:12 PM, Pothineni sai bhushan <
> > psaibhushan () gmail com> wrote:
> >
> > > Hi,
> > >  I am new to snort and trying to make it work as IPS.If you dont mind,
> > > can you send me the manual u mentioned at
> > > http://seclists.org/snort/2014/q2/99  .
> > >  I get the following error message while trying to reinstall DAQ
> > >     libtool: install: (cd
> > > /home/bhushan/Downloads/daq-1.1.1/os-daq-modules; /bin/bash
> > > /home/bhushan/Downloads/daq-1.1.1/libtool  --tag CC --mode=relink gcc
> > > -DBUILDING_SO -g -O2 -fvisibility=hidden -Wall -Wwrite-strings
> > > -Wsign-compare -Wcast-align -Wextra -Wformat -Wformat-security
> > > -Wno-unused-parameter -fno-strict-aliasing -fdiagnostics-show-option
> > > -pedantic -std=c99 -D_GNU_SOURCE -module -export-dynamic -avoid-version
> > > -shared -L/usr/local/lib -ldnet -o daq_nfq.la -rpath /usr/local/lib/daq
> > > daq_nfq_la-daq_nfq.lo -lnfnetlink -lnetfilter_queue -L/usr/local/lib -ldnet
> > > ../sfbpf/libsfbpf.la )
> > > libtool: relink: gcc -shared  -fPIC -DPIC  .libs/daq_nfq_la-daq_nfq.o
> > > -L/usr/local/lib -lnfnetlink -lnetfilter_queue -ldnet -lsfbpf  -O2
> > > -Wl,-soname -Wl,daq_nfq.so -o .libs/daq_nfq.so
> > > /usr/bin/ld: /usr/local/lib/libdnet.a(addr.o): relocation R_X86_64_32
> > > against `.rodata.str1.1' can not be used when making a shared object;
> > > recompile with -fPIC
> > > /usr/local/lib/libdnet.a: could not read symbols: Bad value
> > > collect2: error: ld returned 1 exit status
> > > libtool: install: error: relink `daq_nfq.la' with the above command
> > > before installing it
> > >   .
> > >    Could you suggest anything.
------------------------------------------------------------------------------
Put Bad Developers to Shame
Dominate Development with Jenkins Continuous Integration
Continuously Automate Build, Test & Deployment 
Start a new project now. Try Jenkins in the cloud.
http://p.sf.net/sfu/13600_Cloudbees

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!