[Snort-devel] Dropping packets using snort

Jason Brvenik jasonb at ...402...
Mon Mar 23 00:53:57 EDT 2009


inline

2009/3/22 Devdutt Patnaik <xendevid at ...2499...>:
> Hi All,
>
> I was developing a preprocessor plugin in snort and need to drop packets
> based on the content.
> I have a couple of basic questions :
>
> 1 > Does snort operate on a copy of the packet ?

sometimes

> 2 > If yes,  does snort-inline work on actual packets ?

yes

> 3 > Can I block certain packets using a mechanism in snort so that it does
> not reach the application.

yes

Try this to get started

$ cd /src/snort/snort-2.8.3.2/src/preprocessors
$ grep -ir drop *

Plenty of references to start with.

>
> Thanks in advance.
>
> -D
>
> ------------------------------------------------------------------------------
> Apps built with the Adobe(R) Flex(R) framework and Flex Builder(TM) are
> powering Web 2.0 with engaging, cross-platform capabilities. Quickly and
> easily build your RIAs with Flex Builder, the Eclipse(TM)based development
> software that enables intelligent coding and step-through debugging.
> Download the free 60 day trial. http://p.sf.net/sfu/www-adobe-com
> _______________________________________________
> Snort-devel mailing list
> Snort-devel at lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/snort-devel
>
>




More information about the Snort-devel mailing list