Snort mailing list archives

Previous By Date Next
Previous By Thread Next

Pulledpork: preprocessors, ips_policy and snort.conf

From: Michael B <miboe60 () hotmail com>
Date: Sun, 26 Apr 2015 12:51:18 +0200
Hello

How does the pulledpork ips_policy works in conjunction with the snort.conf?
In more detail, does it still make sense to activate preprocessors in my snort.conf, or are they ignored by pulledpork?


For example, if I activate the arpspoof preprocessor in snort.conf, and then run Pulledpork in 'security' mode, the 
arpspoof rules are all commented.  Surely, I can activate them through the 'enablesid.conf', but then it would mean 
that the snort.conf options are ignored?


Regards
                                          
------------------------------------------------------------------------------
One dashboard for servers and applications across Physical-Virtual-Cloud 
Widest out-of-the-box monitoring support with 50+ applications
Performance metrics, stats and reports that give you Actionable Insights
Deep dive visibility with transaction tracing using APM Insight.
http://ad.doubleclick.net/ddm/clk/290420510;117567292;y
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!
Previous By Date Next
Previous By Thread Next

Current thread: