Snort mailing list archives

Re: Snort queries


From: wkitty42--- via Snort-users <snort-users () lists snort org>
Date: Sat, 20 Jul 2019 14:52:55 -0400

On 7/18/19 8:12 AM, Justin Xavier wrote:
> Hi All,
>
> We are using Netgate pfSense firewall in our premises with Snort service installed. We had some queries regarding the service and need your assistance in understanding SNORT.

the answers depend on how snort is set up on that system... we don't know what they've done so they will likely have to provide the real answers to your questions...

> 1. We observed SNORT logs and found many log entries for snort events. Is it that SNORT is blocking/dropping all these packets?

in IDS mode, snort only reports... it does not block... something else will have to do that... whether it does that based on snort alerts or not is up to that tool...

in IPS mode, snort can block... this requires the rules be changed from alert to drop, though...

IDS = intrusion detection system
IPS = intrusion prevention system

--
 NOTE: No off-list assistance is given without prior approval.
       *Please keep mailing list traffic on the list unless*
       *a signed and pre-paid contract is in effect with us.*
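
Added example, not part of the original message and not code from Snort or the pfSense package: a small audit of a rules file that shows why an entry in the alert log does not by itself mean a packet was blocked, and what changing a rule from alert to drop does. The function names are hypothetical, the sample rules and their SIDs are constructed, and the parser assumes one Snort 2.x rule per line.

```python
import re

# Snort 2.x rule actions. Only drop, reject and sdrop discard traffic,
# and only when Snort runs inline (IPS mode).
BLOCKING = {"drop", "reject", "sdrop"}
ACTIONS = BLOCKING | {"alert", "log", "pass", "activate", "dynamic"}
RULE_RE = re.compile(
    r"^\s*(?P<off>#\s*)?(?P<action>%s)\s+.*\(.*\bsid\s*:\s*(?P<sid>\d+)\s*;"
    % "|".join(sorted(ACTIONS))
)

# Constructed sample rules (local SID range), one per line.
SAMPLE = """\
alert tcp $EXTERNAL_NET any -> $HOME_NET 22 (msg:"constructed: ssh probe"; sid:1000001; rev:1;)
drop tcp $EXTERNAL_NET any -> $HOME_NET 23 (msg:"constructed: telnet"; sid:1000002; rev:1;)
# alert udp $EXTERNAL_NET any -> $HOME_NET 161 (msg:"constructed: snmp"; sid:1000003; rev:1;)
"""

def parse_rules(text):
    """Yield (sid, action, enabled) per rule line; commented-out rules are disabled."""
    for line in text.splitlines():
        m = RULE_RE.match(line)
        if m:
            yield int(m["sid"]), m["action"], m["off"] is None

def verdicts(text, inline):
    """Map each sid to 'blocks', 'no block' or 'disabled' for the given mode."""
    out = {}
    for sid, action, enabled in parse_rules(text):
        if not enabled:
            out[sid] = "disabled"
        elif inline and action in BLOCKING:
            out[sid] = "blocks"
        else:
            out[sid] = "no block"
    return out

def to_drop(text, sids):
    """Rewrite enabled alert rules whose sid is in `sids` to drop; leave the rest."""
    lines = []
    for line in text.splitlines():
        m = RULE_RE.match(line)
        if m and not m["off"] and m["action"] == "alert" and int(m["sid"]) in sids:
            line = line[:m.start("action")] + "drop" + line[m.end("action"):]
        lines.append(line)
    return "\n".join(lines)

if __name__ == "__main__":
    for mode, inline in (("IDS", False), ("IPS", True)):
        print(mode, verdicts(SAMPLE, inline))
```
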