[Snort-users] snort inline && current rules.

Josh Berry josh.berry at ...10221...
Tue Nov 25 19:19:02 EST 2003

The best location to get Snort-Inline is http://snort-inline.sourceforge.net.

This site has the most up-to-date copy.

> I need an inline snort to help control some of the attacks against our
> windows servers.  They aren't high-speed access, so the sluggishness
> shouldn't be noticed.
> When I run the compiled inline version with -T I see a bunch of:
>  Unknown keyword 'byte_jump' in rule!
> along with byte_test and rawbytes
> There are way to many of these that will be ignored for me to not try to
> resolve this.
> I've adding the sp_byte_jump and sp_byte_test source files from the 2.0rc3
> to the inline detection plugins section, but I'm keep having to drag more
> and more files from th 2.0 into the inline src to get through compile
> problems, and then some of the inline files don't like the new source
> files... the problem grows bigger and bigger.
> So now I'm wondering, is there a newer version of the inline?  Or is there
> an easier way to do this (maybe pull just a few of the inline files into
> the
> 2.0 src?).
> The inline source I'm using is the snort-inline.tgz on this page:
> http://www.snort.org/dl/contrib/patches/inline/.
> Thanks for any help/comments.
> -------------------------------------------------------
> This SF.net email is sponsored by: SF.net Giveback Program.
> Does SourceForge.net help you be more productive?  Does it
> help you create better code?  SHARE THE LOVE, and help us help
> YOU!  Click Here: http://sourceforge.net/donate/
> _______________________________________________
> Snort-users mailing list
> Snort-users at lists.sourceforge.net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://www.geocrawler.com/redir-sf.php3?list=snort-users

Josh Berry, CTO
josh.berry at ...10268...

More information about the Snort-users mailing list