[Snort-users] Snort-inline question

Alberto Gonzalez albertg at ...7149...
Mon Dec 30 22:35:02 EST 2002


I personally haven't used snort-inline. But Hogwash doesn't use iptables 
to drop packets.
If you successfully compiled snort-inline then your good to go. IIRC it 
will only drop packets
in NIDS mode[1], not sniffing mode etc......

Cheers,
    Alberto Gonzalez

[1] Which seems the logical thing todo.. or no?

Amit Kumar Gupta wrote:

> Hi List,
>
>  
>
> I am having some queries abtSnort-inline. Here they are :-
>
> (1) While installing snort-inline whether i have to mention libipq
>
>  directorty. If i don't mention, even then it goes fine. Does it mean
>
>  that it has taken it from the appropriate path.
>
>  
>
> (2) snort-inline has the hogwash functionality. So does it mean that
>
>  it uses iptables. Another thing is Snort-inline is supposed to sit 
> inline
>
>  and prevent malicious packets. How does it do it. Is there any 
> specific command
>
>  for it to do this.
>
>  
>
> (3) I have successfully installed snort-inline, and using snort
>
> commands. So does it mean that whenever i will run snort command in
>
>  any one of the mode(sniffing, IDS, logging), the malicious packets
>
>  will be dropped.
>
>  
>
> Please give your suggestions and views.
>
>  
>
> Regards,
>
> Amit
>

-- 
The secret to success is to start from scratch and keep on scratching.






More information about the Snort-users mailing list