[Snort-devel] kernel panic - DOS attack on snort?

Will Metcalf william.metcalf at ...2499...
Wed Dec 29 06:20:22 EST 2004


Ah Ha, you are doing this wrong, you should have something like 

/usr/local/bin/snort -d -D -Q -c /etc/snort/snort.conf

Notice I didn't specify an interface, because it is not needed.  I
instead told snort we are going to read packets from ip_queue.

So we then send packets snort by having an iptables rule like the following.

iptables -A FORWARD -j QUEUE

Regards,

Will


On Wed, 29 Dec 2004 11:47:48 +0300, Crazy AMD K7 <snort2004 at ...2071...> wrote:
> > Just out of curiosity are you trying to do inline blocking/filtering
> > or just IDS alerting?
> Yes, using iptables.
> 
>




More information about the Snort-devel mailing list