[Snort-users] IPS Inline Mode

Erdem Çulcu erdem at ...16870...
Fri Jun 20 04:51:04 EDT 2014


Hi,

I am new to Snort.

I installed it with the guide and ran it in IDS mode.

I have two problems.

Firstly, Snort handles only the host machine's packets. I wrote some rules, for example:

alert tcp any any -> any any (content:"www.facebook.com";msg:"Facebook Accessing";sid:1000001;)

This rule works only on the machine on which Snort is installed. Other machines' accesses
are not handled.

The other problem is Inline Mode.

I run it with this command:

snort --daq nfq -Q -c /etc/snort/snort.conf --daq-dir /usr/local/lib/daq --daq-var device=eth0 -i eth0

Snort gives this error:

ERROR: Can't initialize DAQ nfq (-7) - The nfq DAQ module does not support interface or readback mode!

If I remove "-i eth0", Snort works but does not handle any packets.

Thanks for your replies.

Good Works