[Snort-users] SSH MISMATCH

waldo kitty wkitty42 at ...14940...
Sun Oct 21 13:00:52 EDT 2012


On 10/20/2012 02:46, AllowOverride wrote:
>
>
> Preproc implies "inline",

sorry but no... "preproc" implies a "processor before another processor"... 
depending on what you are wanting snort to look at and how you want it to see 
it, they may be necessary...

> i am not running inline,

i do not run inline, either... never have...

> therefore, i shut them off...

eeewww...

> with instructions in pulledpork.conf. i took # away as well
> in preproccessor rules... IDS mode, it's a diff story/conf all together.
> not there yet... eventually. have to figure out/read about inline
> later..

it is my understanding that all inline really does is to place snort /in/ the 
path of the traffic instead of out beside it watching it flow by... by being 
inline, snort can then cause packets to be dropped by dropping them itself and 
not passing them on to the original destination port...




More information about the Snort-users mailing list