[Snort-users] From IDS to IPS

Joel Esler (jesler) jesler at ...589...
Mon Apr 7 17:48:16 EDT 2014

I haven’t had the chance to review them yet.

On Apr 7, 2014, at 5:37 PM, Teo En Ming <teo.en.ming at ...11827...<mailto:teo.en.ming at ...11827...>> wrote:

Dear Joel,

Have you posted the manuals which I have written?


Teo En Ming

On Tue, Apr 8, 2014 at 4:54 AM, Joel Esler (jesler) <jesler at ...589...<mailto:jesler at ...589...>> wrote:
On Apr 7, 2014, at 4:48 PM, James Lay <jlay at ...13475...<mailto:jlay at ...13810...5...>> wrote:

On 2014-04-07 10:31, Teo En Ming wrote:
Dear James,

May I know what is nfq?

After reading through your email, I still have no idea how to go
converting Snort from IDS to IPS.

Could you write a more detailed manual, covering every single step
along the way?

Teo En Ming

NFQ is the linux netfilter queue...basically you setup snort and
netfilter to instead of detect, to block.  I've sent Joel a writeup on

Just posted:


Joel Esler
Open Source Manager
Threat Intelligence Team Lead
Vulnerability Research Team

Put Bad Developers to Shame
Dominate Development with Jenkins Continuous Integration
Continuously Automate Build, Test & Deployment
Start a new project now. Try Jenkins in the cloud.
Snort-users mailing list
Snort-users at lists.sourceforge.net<mailto:Snort-users at lists.sourceforge.net>
Go to this URL to change user options or unsubscribe:
Snort-users list archive:

Please visit http://blog.snort.org<http://blog.snort.org/> to stay current on all the latest Snort news!

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20140407/c99a5d1f/attachment.html>

More information about the Snort-users mailing list