[Snort-users] Snort IDS Not Working

Bradlee Landis bradleelandis at ...11827...
Fri Sep 3 17:39:00 EDT 2010


I am running Devil-Linux (Linux From Scratch distribution), and I'm
having trouble getting it working correctly. It is possible that it's
been built incorrectly, but I thought I would just see if you could
tell me if I'm doing something wrong.

I'm running these commands:

iptables -A INPUT -j QUEUE
snort -Qc /etc/snort/snort.conf -A console

But, when I have a QUEUE target in iptables, it blocks all traffic,
and starting snort does not make a difference. Snort is detecting
packets, even if I don't have a QUEUE target in iptables, so it
doesn't seem to be actually running in IDS mode.

Here is some output from running snort:

 # snort -Qc /etc/snort/snort.conf -N -A console
 Enabling inline operation
 Running in IDS mode
 == CUT ==
 *** interface device lookup found: bond0
 ***
 Initializing Network Interface bond0
 Decoding Ethernet on interface bond0
 == CUT ==
 Not Using PCAP_FRAMES

Any ideas?

-- 
Thanks,
Brad Landis



