[Snort-users] Snort IPS Functionality

Will Metcalf william.metcalf at ...11827...
Wed Mar 30 05:35:13 EST 2005


The IPS functionality drops or rejects individual packets, unless you
are using the sticky-drop preprocessor from snort_inline-2.3.0-RC1 and
tell it otherwise.  The IPS functionality uses the QUEUE target in
iptables, or divert sockets in FreeBSD+IPFW.  Nick Rogness wrote a
really great how-to for FreeBSD+snort_inline.

 http://freebsd.rogness.net/snort_inline/

Regards,

Will

On Wed, 30 Mar 2005 14:23:49 +0200, Dave Raven <fx at ...13229...> wrote:
> Hello all, 
> 
> I'm interested in using snort on a FreeBSD machine as an IPS.
> I've read the docs on the website and as far as I can see the only available
> "IPS" functionality exists on Linux, using iptables. Does this actually just
> drop the questionable packet – or is it generating firewall rules? And does
> any of the IPS functionality work on FreeBSD at all? There was a project a
> while ago called Hogwash, which would do exactly what I'm interested in –
> but that seems long dead… 
> 
>   
> 
> Thanks in advance 
> 
> Dave 
> 
>



