[Snort-users] Snort in IDS mode

Snort Snort at ...13151...
Tue Mar 15 11:10:00 EST 2005

To "block" traffic, you might want to read up on the flexresp and inline
stuff... with the flexresp, you can send tcp_rst packets to the
offending host. Download snort look inside the doc folder, there are 2
documents that explain this a bit further
snort-2.3.2/doc/README.FLEXRESP and snort-2.3.2/doc/README.INLINE. You
can also go here and get more info on the inline stuff:

Michael Brown

-----Original Message-----
From: snort-users-admin at lists.sourceforge.net
[mailto:snort-users-admin at lists.sourceforge.net] On Behalf Of Mr. venkat
Posted At: Tuesday, March 15, 2005 11:10 AM
Posted To: Snort
Conversation: [Snort-users] Snort in IDS mode
Subject: [Snort-users] Snort in IDS mode

Hi all,
    I am using snort 2.3.1 on windows. I don't want to  use any database
I want to log all alerts to log files only(I am planning for other
could run snort in logging mode but I am unable to run in IDS mode. Can 
anybody tell me what is the best way to run snort in IDS mode also
tell me the required settings in snort.conf.

    Can snort block any traffic that match the rules or just it detects?
  Thanks in advance,

Screensavers unlimited! http://www.msn.co.in/Download/screensaver/

SF email is sponsored by - The IT Product Guide
Read honest & candid reviews on hundreds of IT Products from real users.
Discover which products truly live up to the hype. Start reading now.
Snort-users mailing list
Snort-users at lists.sourceforge.net
Go to this URL to change user options or unsubscribe:
Snort-users list archive:

More information about the Snort-users mailing list