Snort mailing list archives
SnortInline questions
From: "Grigoris Vidakis" <gvidakis () lab epmhs gr>
Date: Thu, 7 Nov 2002 11:49:07 +0200
hi to all i use snort in my net for the last 6 mounths and i think that i am ready to create some drop reaction. i already use resp and react I want to use the snort inline patch... does anyone knows where i can find some documentation for this patch?? I suppose from the name (inline) that snort will act as an Intrustion Detection Gateway, meanly that it can drop packets in a transparent system(linux bridge box), before it will forward them to the protected network. My quenstions about this type of snort are: What are the main diffs from snort without this patch? This infrastructure is implemented with the addition rule drop?? The snort will take packets from USER SPACE (libipq), insteand of libpcap? What is the role of Iptables? Can anyone help me? Thanks for your time.
Current thread:
- SnortInline questions Grigoris Vidakis (Nov 07)
- Re: SnortInline questions Alberto Gonzalez (Nov 07)
- Re: SnortInline questions Alberto Gonzalez (Nov 08)
- Re: SnortInline questions Alberto Gonzalez (Nov 07)