[Snort-users] How to use snort as ips in window 7

zaib khan zaibkhan200 at ...11827...
Sun May 21 16:41:06 EDT 2017


I have already install snort
But some rules are not working for me
Like drop connection in tcp syn flood attack etc
On May 22, 2017 12:19 AM, "J Doe" <general at ...17107...> wrote:
>
> Hi Zaib,
>
> Your last message (please see below), did not include a body.  I am
assuming your question is therefore the subject line, which is "how to use
as IPS in win 7".
>
> For installation on Windows, WinSnort.com (linked to from snort.org), may
be your best bet [1].  Note that it mentions using Snort as an IDS and not
as an IPS as your subject referenced.  AFAIK winpcap (a libpcap
implementation via a driver for Windows), does not support injection, but
it may be possible to have a script monitor Snort's output and update the
Windows Firewall (PowerShell ?)
>
> You may find it more beneficial placing Snort on a *nix box, inline, in
front of your Win 7 host(s), as blocking and normalization are then
available.  There is much more third-party support/tools for *nix hosts.
>
> Sources:
> [1]
http://www.winsnort.com/forum/7-support-forums-for-installing-a-3264-bit-windows-7-8x-10-2008-2013-2016-intrusion-detection-system-winids/
>
> - J
>
> On May 21, 2017, at 2:57 PM, zaib khan <zaibkhan200 at ...11827...> wrote:
>
>> <snort-users at lists.sourceforge.net>



More information about the Snort-users mailing list