[Snort-users] Need help in interpreting some Docs

Justin Heath justin.heath at ...11827...
Wed Oct 25 14:55:11 EDT 2006


I am unaware of a port or patch that makes use of the PF interface. However,
snort and snort-inline can use the ipfw interface.

On 10/25/06, John Draper <lists at ...13962...> wrote:
>
> Hi,
>
> I'm posting this to both OpenBSD and Snort mailing lists.
> In reading through the snort documentation, in section 1.5
> (Inline mode), they state the following...
>
> "In order for Snort Inline to work properly, Download and compile
> the iptables code to include "make install-devel".
> (http://www.iptables.org)
> Would I do the "make install-devel" from within Snort's source
> build system, or the iptables build system?
> This will install the libipq library that allows snort Inline to
> interface with iptables.  Also, you must build and install LibNet,
> which is available from www.packetfactory.net.
>
> Ok, all fine and well, but I'm using snort on an OpenBSD platform,
> which uses PF instead of iptables... I'm assuming that iptables is
> only for Linux, or does OpenBSD also use iptables? I didn't see
> any mention of it in either OpenBSD docs or Snort docs other than
> this, and as far as I can remember, iptables is used primarily with
> Linux, is that right?
>
> Would I follow the same installation procedures? Or would I ditch this
> effort altogether and write it off as something OpenBSD is not set up
> to do, or is there an alternative I can use with Snort?
>
> I haven't looked at Snort since 2003, and from reading the new docs,
> a lot of new features have been added,  some of which I haven't
> come across yet.
>
> I'm basically setting up snort so that if it sees a Priority one attack
> it executes a script or binary file, well, actually it will instantiate
> a thread that does this in whatever scripting language I choose (Python
> in my case).
>
> I haven't read ALL the new stuff yet, but am ready to install any
> additional utilities, like Barnyard, which I already have running.
>
> Is it possible to use Snort in normal NIDS mode, then when I get a
> higher priority attack, to switch to Inline mode? How fast
> can Snort switch from one mode to another? Also, is it possible
> to use Snort to "look at" a binary file and display contents via
> the ./snort -dvr option while snort is running?
>
> Thanx
> John
>