[Snort-users] Daq module for wndows
wkitty42 at ...14940...
Tue Dec 9 20:27:00 EST 2014
On 12/8/2014 2:03 PM, Argcyborg wrote:
> Thanks Joel for the replay, do u know any other way to drop a packet with and
> specific string in windows ?
> Now I can alert if the packet enters, but can´t drop it.
> Im using an app that not work in a Unix based OS.
why do you have to run snort on that winwhatever box? why not place a *nix based
snort box between the winwhatever box and the rest of the network? then you can
drop block or even swizzle the traffic in most any way you please ;)
you'd need another machine with two NICs which you would set for snort to bond
together with you run it inline... possibly a third NIC for management unless
you prefer to ssh in or use the local console to manage it...
NOTE: No off-list assistance is given without prior approval.
Please *keep mailing list traffic on the list* unless
private contact is specifically requested and granted.
More information about the Snort-users