[Snort-users] Snort 2.9.0 Now Available
wkitty42 at ...14940...
Tue Oct 5 12:33:09 EDT 2010
On 10/5/2010 12:12, Russ Combs wrote:
> On Tue, Oct 5, 2010 at 12:00 PM, waldo kitty <wkitty42 at ...14940...
> <mailto:wkitty42 at ...14940...>> wrote:
> as written above, there is no libnet in use at all in the product i'm working
> with... there's no libdnet, either... we've simply never had a need for
> OK - libnet was only required for inline builds. I'm looking into a change that
> may obviate dnet for Snort when active response is not configured.
interesting... i assume that "active response" means "inline"?? i also assume
that "active response" means that snort does the dropping/blocking of unwanted
traffic and notifies iptables to create drop/block and log rules? how much more
memory is consumed by snort in inline mode?
> > > With 2.9.0, you *must* use the DAQ. By default, you will wind up using a
> > pcap
> > > DAQ, but the DAQ is a separate package that must be installed. This is
> > new for
> > > 2.9.0.
> > ugh! when does the madness end? :lol: i'll have to see if i can hunt
> up the
> > archive for that... hopefully it is available at
> > www.snort.org/ports/snort-current/
> > You can find it here, along with Snort: http://www.snort.org/snort-downloads.
> i'd rather find it in a place that is automation and script friendly... that web
> page link is not :?
> This is another issue worth sending to the web site maintainers.
FWIW: luckily enough, DAQ is available at the above location...
More information about the Snort-users