[Snort-devel] kernel panic - DOS attack on snort?
william.metcalf at ...2499...
Wed Dec 29 06:20:22 EST 2004
Ah Ha, you are doing this wrong, you should have something like
/usr/local/bin/snort -d -D -Q -c /etc/snort/snort.conf
Notice I didn't specify an interface, because it is not needed. I
instead told snort we are going to read packets from ip_queue.
So we then send packets snort by having an iptables rule like the following.
iptables -A FORWARD -j QUEUE
On Wed, 29 Dec 2004 11:47:48 +0300, Crazy AMD K7 <snort2004 at ...2071...> wrote:
> > Just out of curiosity are you trying to do inline blocking/filtering
> > or just IDS alerting?
> Yes, using iptables.
More information about the Snort-devel