[Snort-users] Snort-inline vs. SnortSam
william.metcalf at ...11827...
Thu Mar 10 07:43:10 EST 2005
I'm not sure I understand; you still have to modify your rules for
snort-inline. The rule types supported are pass
alert|drop|log|pass|reject|sdrop|activate|dynamic. You can modify all
rules easily using oinkmaster and your brand new oink code though.

modifysid * "^alert" | "drop"

On Thu, 10 Mar 2005 09:03:23 -0500, Adam Kennedy
<akennedy at ...8498...> wrote:
> Greetings all.
> I'm trying to figure out which of these would best fit my situation.
> I'm going to be using oinkmaster to download the VRT rules.
> I'm also going to be using iptables on a Slackware 10.1 server
> What I'm trying to do is figure out what method is easiest/best for
> automatically blocking traffic snort picks up. I've used snortsam
> before, but re-writing all the rules gets annoying. I've heard that
> oinkmaster can do this for you based on the sid, but I don't want to
> have to maintain a list of sid's (as that will get cumbersome as well).
> Any ideas?
> - --
> Northern Indiana ESC
> Adam Kennedy - akennedy at ...8498...
> Linux Specialist / Network Administrator
> Phone: (574) 254-0111 x113
> Toll Free: 800-326-5642
> Fax: (574) 254-0148
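
Added example (not part of the original post, and not oinkmaster's own code): a Python dry run that emulates the effect of the modifysid line from the reply on a few constructed rules, showing which sids would become drop rules and why the "^" anchor matters. The function names, sample rules and sids are assumptions made for illustration.

```python
import re

# Constructed sample rules (not real VRT signatures; sids are placeholders).
SAMPLE_RULES = r'''
alert tcp $EXTERNAL_NET any -> $HOME_NET 80 (msg:"constructed web rule"; content:"abc"; sid:1000001; rev:1;)
# alert tcp $EXTERNAL_NET any -> $HOME_NET 21 (msg:"constructed disabled rule"; sid:1000002; rev:1;)
pass ip 192.0.2.10 any -> any any (msg:"constructed pass rule"; sid:1000003; rev:1;)
alert udp any any -> $HOME_NET 53 (msg:"constructed multi-line rule"; \
    content:"xyz"; sid:1000004; rev:2;)
log tcp any any -> any 23 (msg:"constructed alert text in msg"; sid:1000005; rev:1;)
'''

SID_RE = re.compile(r'\bsid\s*:\s*(\d+)\s*;')

def join_continuations(text):
    """Join backslash-continued lines so each rule is one logical line."""
    return re.sub(r'\\[ \t]*\n[ \t]*', '', text)

def preview_modifysid(text, pattern=r'^alert', replacement='drop'):
    """Apply one substitution per rule, as a dry run of
    modifysid * "pattern" | "replacement". Returns (new_lines, changed_sids)."""
    new_lines, changed = [], []
    for line in join_continuations(text).splitlines():
        sid = SID_RE.search(line)
        if not sid:                      # blank line or plain comment
            new_lines.append(line)
            continue
        new, n = re.subn(pattern, replacement, line, count=1)
        if n:
            changed.append(int(sid.group(1)))
        new_lines.append(new)
    return new_lines, changed

def actions_after(text, **kw):
    """Map sid -> action keyword of each active (uncommented) rule after the edit."""
    lines, _ = preview_modifysid(text, **kw)
    return {int(SID_RE.search(l).group(1)): l.split()[0]
            for l in lines if SID_RE.search(l) and not l.lstrip().startswith('#')}

if __name__ == '__main__':
    _, anchored = preview_modifysid(SAMPLE_RULES)
    _, loose = preview_modifysid(SAMPLE_RULES, pattern=r'alert')
    print('anchored ^alert rewrites sids:', anchored)
    print('unanchored alert rewrites sids:', loose)
    print('resulting actions:', actions_after(SAMPLE_RULES))
```

With the anchored pattern only active alert rules change action; the disabled rule, the pass rule and the log rule are left alone, while an unanchored pattern would also rewrite text inside a commented rule and a msg string.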