[Snort-users] Pulledpork: preprocessors, ips_policy and snort.conf

Michael B miboe60 at ...125...
Sun Apr 26 06:51:18 EDT 2015


How does the pulledpork ips_policy works in conjunction with the snort.conf?
In more detail, does it still make sense to activate preprocessors in my snort.conf, or are they ignored by pulledpork?

For example, if I activate the arpspoof preprocessor in snort.conf, and then run Pulledpork in 'security' mode, the arpspoof rules are all commented.  Surely, I can activate them through the 'enablesid.conf', but then it would mean that the snort.conf options are ignored?

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20150426/15423cc6/attachment.html>

More information about the Snort-users mailing list