[Snort-users] Switching snort from IDS to IPS mode

Martin Lee tesleft at hotmail.com
Sat Feb 3 00:02:49 EST 2018

Can this work for window version?

As I know , window version do not have IPS
But it can configured inline without error in checking.

There are thousand of rules, which rules should be changed from alert to drop?


Ho Yeung, Lee

Get Outlook<https://aka.ms/qtex0l> for iOS
From: Snort-users <snort-users-bounces at lists.snort.org> on behalf of wkitty42 at windstream.net <wkitty42 at windstream.net>
Sent: Saturday, February 3, 2018 11:13:19 AM
To: snort-users at lists.snort.org
Subject: Re: [Snort-users] Switching snort from IDS to IPS mode

On 02/02/2018 06:56 PM, bobby via Snort-users wrote:
> I would like to switch Snort from IDS to IPS mode.  Is this done only by
> modifying the rules, from alert, to drop status, or is there an easier,
> better way of accomplishing this?

IIUC, modifying the rules to drop as well as running inline... you have to be
inline for snort to be able to control the connections and drop the ones you
don't want...

  NOTE: No off-list assistance is given without prior approval.
        *Please keep mailing list traffic on the list unless*
        *a signed and pre-paid contract is in effect with us.*
Snort-users mailing list
Snort-users at lists.snort.org
Go to this URL to change user options or unsubscribe:

Please visit http://blog.snort.org to stay current on all the latest Snort news!

Please follow these rules: https://snort.org/faq/what-is-the-mailing-list-etiquette
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20180203/cdb88a63/attachment.html>

More information about the Snort-users mailing list