[Snort-users] Pulledpork Modify Rules Automatically

James Lay jlay at slave-tothe-box.net
Wed Jun 14 21:54:01 EDT 2017


On Wed, 2017-06-14 at 21:42 -0400, Jim Campbell wrote:
> Since I last posted here I ended up formatting my hard drive, installing
> the latest Ubuntu and installing Snort in IPS mode. However, at the end
> of the tutorial on
> http://sublimerobots.com/2016/02/snort-ips-inline-mode-on-ubuntu/ it
> shows you how to modify the single local rule to drop rather than alert.
> There is mention of a future page that will tell how to have Pulledpork
> automatically modify all the rules to drop.
> 
> My setup is running in inline mode but so far hasn't reported any 
> packets being flagged. I could sure use some help.
> 
> Thanks,
> 
> Jim
> 

Dropsid.conf is where you'll want to look:
https://github.com/shirkdog/pulledpork/blob/master/etc/dropsid.conf

James