[Snort-users] Snort-inline vs. SnortSam

Frank Knobbe frank at ...9761...
Fri Mar 11 23:05:16 EST 2005


On Thu, 2005-03-10 at 09:03 -0500, Adam Kennedy wrote:
> What I'm trying to do is figure out what method is easiest/best for
> automatically blocking traffic snort picks up. I've used snortsam
> before, but re-writing all the rules gets annoying.

Well, you don't want to rewrite "all the rules". I don't recommend you
block blindly on all rules, unless you really want to shoot yourself in
the foot. I highly recommend blocking only on carefully selected rules.

Instead of modifying the rules, you can add the sid and block options
into the sid-block.map file. (See README.rules)

Regards,
Frank
