[Snort-users] Block packets using snort with pf_ring

Al Lewis (allewi) allewi at ...589...
Mon Sep 28 08:54:46 EDT 2015


Hello,

See the manual here:


http://manual.snort.org/node26.html


The easiest way is to add the blocking to the rule you want.

Add something like

resp: reset_both;

to your rule.

This is explained under the “Flexresp” section.



Albert Lewis
QA Software Engineer
SOURCEfire, Inc. now part of Cisco
9780 Patuxent Woods Drive
Columbia, MD 21046
Phone: (office) 443.430.7112
Email: allewi at ...589...

From: Lavanya Kumar [mailto:lavanyakumar84 at ...11827...]
Sent: Monday, September 28, 2015 2:49 AM
To: snort-users at lists.sourceforge.net
Subject: [Snort-users] Block packets using snort with pf_ring


I am running snort-2.9.7.3 with pfring-6.0.3 and libpcap-1.6.2, and I want to block packets by writing Snort rules. But I am not able to drop packets, although the alerts are being logged.
Please help me with the snort command and suggestions.
Presently I am running snort with the following command:

/usr/local/snort -Q --process-all-events -c /etc/snort.conf -d --daq pfring --daq-dir=/usr/local/lib/daq/ -l /usr/logs -i eth0:eth1

Thanks
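
An added example, not part of either message above: a small Python check that sorts the rules in a rules file into those that block inline, those that send resets through the `resp` option suggested in the reply, and those that only log. The sample rules and SIDs are constructed; `drop`, `sdrop` and `reject` are the Snort 2.x inline rule actions.

```python
import re

# Rule actions that stop traffic when Snort 2.x runs inline (-Q).
BLOCKING_ACTIONS = {"drop", "sdrop", "reject"}
RULE_RE = re.compile(r"^\s*(\w+)\s+[^()]*\((.*)\)\s*$")

# Constructed sample rules (not taken from the thread).
SAMPLE_RULES = '''
# local.rules
alert tcp any any -> any 23 (msg:"telnet seen, no resp configured"; sid:1000001; rev:1;)
alert tcp any any -> any 23 (msg:"telnet reset"; resp: reset_both; sid:1000002; rev:1;)
drop tcp any any -> any 23 (msg:"telnet drop"; sid:1000003; rev:1;)
'''

def rule_options(body):
    """Split a rule's option body into {keyword: value}, honouring quotes and escapes."""
    opts, buf, in_quote, escaped = {}, "", False, False
    for ch in body:
        if ch == ";" and not in_quote and not escaped:
            key, _, val = buf.strip().partition(":")
            if key:
                opts[key.strip()] = val.strip()
            buf = ""
            continue
        if ch == '"' and not escaped:
            in_quote = not in_quote
        escaped = (ch == "\\") and not escaped
        buf += ch
    return opts

def classify(rule):
    """Return (sid, verdict) where verdict is blocks, resets, log-only or unparsed."""
    m = RULE_RE.match(rule)
    if not m:
        return (None, "unparsed")
    action, opts = m.group(1).lower(), rule_options(m.group(2))
    if action in BLOCKING_ACTIONS:
        verdict = "blocks"
    elif "resp" in opts:  # keyword match, so "resp" inside a msg string is ignored
        verdict = "resets"
    else:
        verdict = "log-only"
    return (opts.get("sid"), verdict)

def audit(ruleset):
    lines = (l.strip() for l in ruleset.splitlines())
    return [classify(l) for l in lines if l and not l.startswith("#")]

if __name__ == "__main__":
    for sid, verdict in audit(SAMPLE_RULES):
        print(sid, verdict)
```
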