[Snort-users] SSH MISMATCH
wkitty42 at ...14940...
Sun Oct 21 13:00:52 EDT 2012
On 10/20/2012 02:46, AllowOverride wrote:
> Preproc implies "inline",
sorry but no... "preproc" implies a "processor before another processor"...
depending on what you are wanting snort to look at and how you want it to see
it, they may be necessary...
> i am not running inline,
i do not run inline, either... never have...
> therefore, i shut them off...
> with instructions in pulledpork.conf. i took # away as well
> in preproccessor rules... IDS mode, it's a diff story/conf all together.
> not there yet... eventually. have to figure out/read about inline
it is my understanding that all inline really does is to place snort /in/ the
path of the traffic instead of out beside it watching it flow by... by being
inline, snort can then cause packets to be dropped by dropping them itself and
not passing them on to the original destination port...
More information about the Snort-users