[Snort-users] Snort-inline vs. SnortSam

Will Metcalf william.metcalf at ...11827...
Thu Mar 10 07:43:10 EST 2005


I'm not sure I understand; you still have to modify your rules for
snort-inline.  The rule types supported are pass
alert|drop|log|pass|reject|sdrop|activate|dynamic.  You can modify all
rules easily using oinkmaster and your brand new oink code though.

modifysid * "^alert" | "drop"

Regards,

Will


On Thu, 10 Mar 2005 09:03:23 -0500, Adam Kennedy
<akennedy at ...8498...> wrote:
> 
> Greetings all.
> 
> I'm trying to figure out which of these would best fit my situation.
> 
> I'm going to be using oinkmaster to download the VRT rules.
> 
> I'm also going to be using iptables on a Slackware 10.1 server
> 
> What I'm trying to do is figure out what method is easiest/best for
> automatically blocking traffic snort picks up. I've used snortsam
> before, but re-writing all the rules gets annoying. I've heard that
> oinkmaster can do this for you based on the sid, but I don't want to
> have to maintain a list of sid's (as that will get cumbersome as well).
> 
> Any ideas?
> Thanks!
> --
> Northern Indiana ESC
> Adam Kennedy - akennedy at ...8498...
> Linux Specialist / Network Administrator
> Phone: (574) 254-0111 x113
> Toll Free: 800-326-5642
> Fax: (574) 254-0148
>
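Added example, not part of the original message and not oinkmaster's own code: a Python preview of which rules a line such as `modifysid * "^alert" | "drop"` would rewrite, so the set of rules that will start blocking inline can be reviewed by classtype before deployment. It assumes the directive behaves as a single regex substitution on each rule line; the sample rules, SIDs and function names are constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample rules (not real VRT rules); SIDs are placeholders.
SAMPLE_RULES = """\
alert tcp $EXTERNAL_NET any -> $HOME_NET 80 (msg:"EXAMPLE web probe"; classtype:web-application-attack; sid:1000001; rev:1;)
alert udp $EXTERNAL_NET any -> $HOME_NET 53 (msg:"EXAMPLE dns anomaly"; classtype:misc-activity; sid:1000002; rev:1;)
#alert tcp any any -> any 21 (msg:"EXAMPLE disabled rule"; classtype:misc-activity; sid:1000003; rev:1;)
pass tcp $HOME_NET any -> $HOME_NET 22 (msg:"EXAMPLE internal ssh"; sid:1000004; rev:1;)
"""

SID_RE = re.compile(r"\bsid\s*:\s*(\d+)\s*;")
CLASSTYPE_RE = re.compile(r"\bclasstype\s*:\s*([\w-]+)\s*;")


def apply_modifysid(rules_text, pattern=r"^alert", replacement="drop", sids=None):
    """Approximate: modifysid <sids or *> "pattern" | "replacement".

    sids=None plays the role of the '*' wildcard. Returns (new_text, changed),
    where changed holds one (sid, classtype) tuple per rewritten rule.
    """
    out, changed = [], []
    for line in rules_text.splitlines():
        m = SID_RE.search(line)
        sid = int(m.group(1)) if m else None
        new = line
        # Only lines that carry a sid are rules; honour the optional SID filter.
        if sid is not None and (sids is None or sid in sids):
            new = re.sub(pattern, replacement, line, count=1)
        if new != line:
            ct = CLASSTYPE_RE.search(line)
            changed.append((sid, ct.group(1) if ct else "unclassified"))
        out.append(new)
    return "\n".join(out) + "\n", changed


def summarize(changed):
    """Count rewritten rules per classtype, to see what will now drop traffic."""
    return Counter(classtype for _, classtype in changed)


if __name__ == "__main__":
    new_text, changed = apply_modifysid(SAMPLE_RULES)
    print(new_text)
    for classtype, count in summarize(changed).items():
        print(f"{count} rule(s) now drop: {classtype}")
```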



