[Snort-users] Snort-inline vs. SnortSam
akennedy at ...8498...
Thu Mar 10 06:04:44 EST 2005
I'm trying to figure out which of these would best fit my situation.
I'm going to be using oinkmaster to download the VRT rules.
I'm also going to be using iptables on a Slackware 10.1 server.
What I'm trying to do is figure out what method is easiest/best for
automatically blocking traffic Snort picks up. I've used SnortSam
before, but re-writing all the rules gets annoying. I've heard that
oinkmaster can do this for you based on the sid, but I don't want to
have to maintain a list of sids (as that will get cumbersome as well).
Northern Indiana ESC
Adam Kennedy - akennedy at ...8498...
Linux Specialist / Network Administrator
Phone: (574) 254-0111 x113
Toll Free: 800-326-5642
Fax: (574) 254-0148