[Snort-users] Pulledpork: preprocessors, ips_policy and snort.conf
miboe60 at ...125...
Sun Apr 26 06:51:18 EDT 2015
How does the pulledpork ips_policy works in conjunction with the snort.conf?
In more detail, does it still make sense to activate preprocessors in my snort.conf, or are they ignored by pulledpork?
For example, if I activate the arpspoof preprocessor in snort.conf, and then run Pulledpork in 'security' mode, the arpspoof rules are all commented. Surely, I can activate them through the 'enablesid.conf', but then it would mean that the snort.conf options are ignored?
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Snort-users