[Snort-users] Daq module for windows

waldo kitty wkitty42 at ...14940...
Tue Dec 9 20:27:00 EST 2014

On 12/8/2014 2:03 PM, Argcyborg wrote:
> Thanks Joel for the reply, do you know any other way to drop a packet with a
> specific string in windows?
> Now I can alert if the packet enters, but can't drop it.
> I'm using an app that does not work in a Unix based OS.

why do you have to run snort on that winwhatever box? why not place a *nix based
snort box between the winwhatever box and the rest of the network? then you can
drop, block or even swizzle the traffic in most any way you please ;)

you'd need another machine with two NICs which you would set for snort to bond
together when you run it inline... possibly a third NIC for management unless
you prefer to ssh in or use the local console to manage it...

  NOTE: No off-list assistance is given without prior approval.
        Please *keep mailing list traffic on the list* unless
        private contact is specifically requested and granted.
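
Added example, not part of the original post: a sketch of the inline setup suggested above, using Snort 2.9's afpacket DAQ to bridge the two NICs and a `drop` rule that matches a string. The interface names, file paths, content string, message text and sid are all assumptions or placeholders.

```conf
# local.rules (constructed example)
# Drops any TCP packet whose payload contains the placeholder string.
# A drop rule only blocks traffic when Snort runs inline; in passive
# mode Snort can only alert, which is the behaviour described in the
# question.
drop tcp any any -> any any (msg:"LOCAL string blocked"; content:"EXAMPLE-STRING"; sid:1000001; rev:1;)

# Start Snort inline across the NIC pair (eth0 faces the network,
# eth1 faces the Windows host; both names are assumed):
#
#   snort -Q --daq afpacket -i eth0:eth1 -c /etc/snort/snort.conf
#
# -Q             run in inline mode
# --daq afpacket use the AF_PACKET DAQ module (Linux)
# -i eth0:eth1   interface pair joined by a colon; packets that pass
#                inspection are forwarded from one NIC to the other
```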
