[Snort-users] Snort-users Digest, Vol 1, Issue 4

Marcin Dulak marcin.dulak at gmail.com
Sun Jun 18 16:56:04 EDT 2017


On Sun, Jun 18, 2017 at 9:29 PM, Jim Campbell <jim at w4bqp.net> wrote:

> When you configure Snort to operate in Inline mode, packets that cause an
> alert are also dropped.
>

This depends on whether your rule is DROP or ALERT. Snort inline mode does not
have to drop traffic.



> The two documents that best describe this are:
> http://sublimerobots.com/2016/02/snort-ips-inline-mode-on-ubuntu/
> https://s3.amazonaws.com/snort-org-site/production/document_files/files/000/000/013/original/Snort_IPS_using_DAQ_AFPacket.pdf
> The information in both is needed.
>
>

Here you will find more complete information, including a full system setup,
however only for snort3 and nfq:
https://github.com/marcindulak/vagrant-snort-nfqueue-tutorial-centos7

Marcin


>
> On 6/17/2017 9:52 PM, tantioification . wrote:
>
> Hi Jim,
>
> Could you tell me how to drop any packet that alerted automatically with
> pulledpork?
> In your last post you seem to be successful.
> Would you share it with me?
>
>
>
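As an added illustration of the DROP versus ALERT distinction made in the reply above (this is not code from the thread or from the Snort project), the following Python script audits a rules file and reports, by SID, which enabled rules would block traffic in inline mode and which would only report. The sample rules, SIDs and function names are constructed for the example.

```python
import re

# Actions this example treats as blocking in inline mode: drop, reject and
# sdrop (Snort 2.9) plus block (Snort 3). alert, log and pass do not block.
BLOCKING = {"drop", "reject", "sdrop", "block"}
ACTIONS = BLOCKING | {"alert", "log", "pass"}

# An optional leading "#" marks a rule that is present but commented out.
RULE_RE = re.compile(
    r"^(?P<off>#\s*)?(?P<action>[a-z]+)\s+\S+\s[^(]*\((?P<opts>.*)\)\s*$")


def parse_rule(line):
    """Return (action, sid, enabled) for a rule line, else None.

    Lines without a recognised action or without a sid are not rules here.
    """
    m = RULE_RE.match(line.strip())
    if not m or m.group("action") not in ACTIONS:
        return None
    sid = re.search(r"\bsid\s*:\s*(\d+)\s*;", m.group("opts"))
    if sid is None:
        return None
    return m.group("action"), int(sid.group(1)), m.group("off") is None


def audit(rules_text):
    """Group rule SIDs by what they do to matching packets in inline mode."""
    result = {"blocking": [], "non_blocking": [], "disabled": []}
    for line in rules_text.splitlines():
        rule = parse_rule(line)
        if rule is None:
            continue
        action, sid, enabled = rule
        key = ("disabled" if not enabled
               else "blocking" if action in BLOCKING else "non_blocking")
        result[key].append(sid)
    return result


# Constructed sample rules (not taken from any real rule set).
SAMPLE = """\
# local test rules (constructed)
alert icmp any any -> $HOME_NET any (msg:"ICMP seen"; sid:1000001; rev:1;)
drop tcp any any -> $HOME_NET 23 (msg:"Telnet blocked"; sid:1000002; rev:1;)
# drop tcp any any -> $HOME_NET 21 (msg:"FTP blocked"; sid:1000003; rev:1;)
reject udp any any -> $HOME_NET 69 (msg:"TFTP rejected"; sid:1000004; rev:1;)
"""

if __name__ == "__main__":
    for group, sids in audit(SAMPLE).items():
        print(group, sids)
```

Running it over the rules file that Snort actually loads shows which signatures are still `alert` and therefore pass traffic even when Snort runs inline.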

