[Snort-users] Snort-inline vs. SnortSam

Adam Kennedy akennedy at ...8498...
Thu Mar 10 06:04:44 EST 2005


Greetings all.

I'm trying to figure out which of these would best fit my situation.

I'm going to be using oinkmaster to download the VRT rules.

I'm also going to be using iptables on a Slackware 10.1 server.

What I'm trying to do is figure out what method is easiest/best for
automatically blocking traffic Snort picks up. I've used SnortSam
before, but re-writing all the rules gets annoying. I've heard that
oinkmaster can do this for you based on the sid, but I don't want to
have to maintain a list of sids (as that will get cumbersome as well).

Any ideas?
Thanks!
- --
Northern Indiana ESC
Adam Kennedy - akennedy at ...8498...
Linux Specialist / Network Administrator
Phone: (574) 254-0111 x113
Toll Free: 800-326-5642
Fax: (574) 254-0148