[Snort-users] Reputation Preprocessor

Joel Esler jesler at ...1935...
Wed Dec 7 18:29:29 EST 2011

In its present release (updates will be coming!) it's most used for inline mode. Blacklist blocks ips, whitelist doesn't inspect the traffic at all and allows it to pass.  

Joel Esler

On Dec 7, 2011, at 5:56 PM, Shlomi Musseri <musseri10 at ...11827...> wrote:

> Hi Guys,
> We work with snort in port mirroring mode. We have a lot of packet drop because we using  a lot of IP blacklist rules.
> In the new version of snort we try to use the Reputation Preprocessor that will help us to runs IP  Reputation before other preprocessors.
> The preprocessor doesn't write any logs.
> Why we don't see any output from the Reputation Preprocessor?? Can it run port mirroring mode ??
> Thanks,
> Shlomi
> ------------------------------------------------------------------------------
> Cloud Services Checklist: Pricing and Packaging Optimization
> This white paper is intended to serve as a reference, checklist and point of 
> discussion for anyone considering optimizing the pricing and packaging model 
> of a cloud services business. Read Now!
> http://www.accelacomm.com/jaw/sfnl/114/51491232/
> _______________________________________________
> Snort-users mailing list
> Snort-users at lists.sourceforge.net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://www.geocrawler.com/redir-sf.php3?list=snort-users
> Please visit http://blog.snort.org to stay current on all the latest Snort news!

More information about the Snort-users mailing list