[Snort-users] snort inline mode

Joel Esler jesler at ...1935...
Sun May 20 11:33:16 EDT 2012


Can you share your compile errors with us?

-- 
Joel Esler

On May 18, 2012, at 6:59 PM, eddie <mrcyberfighter at ...11827...> wrote:

> Hello Snort users,
> I want to get an IPS that blocks attacks, so I studied Snort a little and 
> downloaded it from the Ubuntu repository, but when I set Snort in inline 
> mode, the only --daq-mode that works without a fatal error is the dump mode, 
> with which I tested an nmap scan and saw that Snort allowed it after pressing 
> Ctrl+C...
> So I compiled the source with libnet, daq, and snort: the daq compile 
> instructions didn't work; I didn't mind and used the daq from the 
> repository. But I have the same problem with the --daq-mode, which only 
> works without a fatal error with the dump mode, which is not a real inline 
> mode according to the Snort manual.
> 
> I have seen that most actions in the Snort rules are alert, and I 
> want to know how Snort could work in inline mode with the alert action 
> instead of block.
> 
> Extract from Snort launching:
> Rule application order: activation->dynamic->pass->drop->sdrop->reject->alert->log
> 
> If you want to answer me, I have 2 questions:
> - How do I patch the daq to make it work in another mode?
> - Can I get Snort rules that have inline actions like block, or does 
> inline mode work otherwise with alert?
> 
> Thanks for your answers.