[Snort-users] How to use snort as ips in window 7

Joel Esler (jesler) jesler at ...589...
Sun May 21 17:27:46 EDT 2017


Ips on Windows is not supported in Snort today.  Not something we've ever pursued.   

--
Sent from my iPhone

> On May 21, 2017, at 16:44, zaib khan <zaibkhan200 at ...11827...> wrote:
> 
> I have already install snort
> But some rules are not working for me
> Like drop connection in tcp syn flood attack etc
>> On May 22, 2017 12:19 AM, "J Doe" <general at ...17107...> wrote:
>> 
>> Hi Zaib,
>> 
>> Your last message (please see below), did not include a body.  I am
> assuming your question is therefore the subject line, which is "how to use
> as IPS in win 7".
>> 
>> For installation on Windows, WinSnort.com (linked to from snort.org), may
> be your best bet [1].  Note that it mentions using Snort as an IDS and not
> as an IPS as your subject referenced.  AFAIK winpcap (a libpcap
> implementation via a driver for Windows), does not support injection, but
> it may be possible to have a script monitor Snort's output and update the
> Windows Firewall (PowerShell ?)
>> 
>> You may find it more beneficial placing Snort on a *nix box, inline, in
> front of your Win 7 host(s), as blocking and normalization are then
> available.  There is much more third-party support/tools for *nix hosts.
>> 
>> Sources:
>> [1]
> http://www.winsnort.com/forum/7-support-forums-for-installing-a-3264-bit-windows-7-8x-10-2008-2013-2016-intrusion-detection-system-winids/
>> 
>> - J
>> 
>>> On May 21, 2017, at 2:57 PM, zaib khan <zaibkhan200 at ...11827...> wrote:
>>> 
>>> <snort-users at lists.sourceforge.net>
> ------------------------------------------------------------------------------
> Check out the vibrant tech community on one of the world's most
> engaging tech sites, Slashdot.org! http://sdm.link/slashdot
> _______________________________________________
> Snort-users mailing list
> Snort-users at lists.sourceforge.net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users
> 
> Please visit http://blog.snort.org to stay current on all the latest Snort news!




More information about the Snort-users mailing list