Snort mailing list archives
inline rules
From: justin joseph <justinjoseph007 () gmail com>
Date: Wed, 19 Aug 2009 15:45:45 +0530
Hi,

Can one buy inline rules (for IPS) from Sourcefire? Or is it sufficient to get IDS rules and then convert them to inline rules, as mentioned in http://linuxgazette.net/117/savage.html, with the script below?

cd /etc/snort_inline/rules/
# Rewrite the action of every rule that starts with "alert" to "drop".
for file in *.rules
do
    sed -e 's:^alert:drop:g' "${file}" > "${file}.new"
    mv -f "${file}.new" "${file}"
done

Have also seen documentation for oinkcode configuration for converting IDS rules to IPS ones. What is the standard way to do this? Is the difference in the rules (IDS and IPS) merely a difference in substituting words (alert -> drop/reject/sdrop)?

Thank you,
Justin
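Added example, not part of the original message or the Linux Gazette article: the script in the message rewrites every rule that starts with alert, while this version changes the action only for rules whose sid appears in a reviewed list, and writes the result to stdout instead of editing the files in place. The rule text, the SIDs and the function names are constructed for illustration.

```shell
#!/bin/sh
# Added example: selective alert -> drop conversion keyed on the rule's sid.
# All rules and SIDs below are constructed sample data.

# convert_rules SIDS_FILE
# Reads rules on stdin and prints them to stdout. A rule is changed from
# "alert" to "drop" only if it starts with "alert" and its sid is listed
# (one per line) in SIDS_FILE. Everything else is printed unchanged.
convert_rules() {
    awk -v sidfile="$1" '
        BEGIN { while ((getline s < sidfile) > 0) if (s != "") want[s] = 1 }
        /^alert[ \t]/ && match($0, /sid:[ \t]*[0-9]+[ \t]*;/) {
            sid = substr($0, RSTART, RLENGTH)   # e.g. "sid:1000001;"
            gsub(/[^0-9]/, "", sid)             # keep the digits only
            if (sid in want) sub(/^alert/, "drop")
        }
        { print }
    '
}

# Constructed rules: two active alerts, one disabled rule, one pass rule.
sample_rules() {
    cat <<'EOF'
alert tcp any any -> any 80 (msg:"constructed rule A"; sid:1000001; rev:1;)
alert tcp any any -> any 25 (msg:"constructed rule B"; sid:1000002; rev:1;)
# alert tcp any any -> any 21 (msg:"disabled rule C"; sid:1000003; rev:1;)
pass tcp any any -> any 22 (msg:"constructed rule D"; sid:1000004; rev:1;)
EOF
}

# Convert the sample with a list that names rule A and the disabled rule C.
demo() {
    sids=$(mktemp) || return 1
    printf '%s\n' 1000001 1000003 > "$sids"
    sample_rules | convert_rules "$sids"
    rc=$?
    rm -f "$sids"
    return "$rc"
}

demo
```

Only rule A comes out as drop: rule B is not in the list, rule C is commented out so the `^alert` anchor never matches it, and the pass rule keeps its action.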