[Snort-users] Snort IDS Not Working

Safwat Fahmy safwat.fahmy at ...14822...
Fri Sep 3 17:56:04 EDT 2010


Use iptables -I FORWARD -j QUEUE
safwat

-----Original Message-----
From: Bradlee Landis [mailto:bradleelandis at ...11827...] 
Sent: Friday, September 03, 2010 5:39 PM
To: snort-users at lists.sourceforge.net
Subject: [Snort-users] Snort IDS Not Working

I am running Devil-Linux (Linux From Scratch distribution), and I'm
having trouble getting it working correctly. It is possible that it's
been built incorrectly, but I thought I would just see if you could
tell me if I'm doing something wrong.

I'm running these commands:

iptables -A INPUT -j QUEUE
snort -Qc /etc/snort/snort.conf -A console

But, when I have a QUEUE target in iptables, it blocks all traffic,
and starting snort does not make a difference. Snort is detecting
packets, even if I don't have a QUEUE target in iptables, so it
doesn't seem to be actually running in IDS mode.

Here is some output from running snort:

 # snort -Qc /etc/snort/snort.conf -N -A console
 Enabling inline operation
 Running in IDS mode
 == CUT ==
 *** interface device lookup found: bond0
 ***
 Initializing Network Interface bond0
 Decoding Ethernet on interface bond0
 == CUT ==
 Not Using PCAP_FRAMES

Any ideas?

-- 
Thanks,
Brad Landis
