Snort mailing list archives

inline rules


From: justin joseph <justinjoseph007 () gmail com>
Date: Wed, 19 Aug 2009 15:45:45 +0530

Hi

Can one buy inline rules (for IPS) from Sourcefire?

Or is it sufficient to get IDS rules and then convert them to inline
rules, as mentioned in http://linuxgazette.net/117/savage.html,
with the script below?

cd /etc/snort_inline/rules/ || exit 1
# Change the action of every rule line that starts with "alert" to "drop"
for file in *.rules
do
        sed -e 's:^alert:drop:g' "${file}" > "${file}.new"
        mv -f "${file}.new" "${file}"
done

I have also seen documentation for oinkcode configuration for converting
IDS rules to IPS ones.  What is the standard way to do this?  Is the difference
in the rules (IDS and IPS) merely a difference in substituting
words (alert -> drop/reject/sdrop)?

thank you
Justin
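
Added example, not part of the original post or of the Linux Gazette script: a variant of the conversion above that only rewrites active rule lines, accepts any of the actions named in the question, keeps a backup of the IDS version, and leaves a chosen list of SIDs on alert (for instance signatures not yet tuned for blocking). The function name convert_rules, the keep-list file and the sample rules used to exercise it are assumptions made for illustration.

```shell
#!/bin/sh
# convert_rules DIR ACTION [KEEP_FILE]   (hypothetical helper, added example)
#   Rewrites the action of active "alert" rules in DIR/*.rules to ACTION.
#   KEEP_FILE lists one SID per line whose rules must stay on "alert".
convert_rules() {
    dir=$1; action=$2; keep=${3:-/dev/null}
    case $action in
        drop|reject|sdrop) ;;
        *) echo "unsupported action: $action" >&2; return 2 ;;
    esac
    for file in "$dir"/*.rules; do
        [ -f "$file" ] || continue              # glob matched nothing
        cp -p "$file" "$file.orig" || return 1  # IDS version, for rollback
        # Read from the backup and write in place, so mode and owner of the
        # live rules file are unchanged.
        awk -v action="$action" -v keepfile="$keep" '
            # Lines of the keep-list: remember each SID, print nothing.
            FILENAME == keepfile { gsub(/[^0-9]/, ""); if ($0 != "") keep[$0] = 1; next }
            # Active rules only: "alert" followed by whitespace at line start.
            # Commented-out rules ("# alert ...") are left untouched.
            /^alert[ \t]/ {
                sid = ""
                if (match($0, /[;( ]sid:[ \t]*[0-9]+/)) {
                    sid = substr($0, RSTART, RLENGTH)
                    gsub(/[^0-9]/, "", sid)
                }
                if (!(sid in keep)) sub(/^alert/, action)
            }
            { print }
        ' "$keep" "$file.orig" > "$file" || { cp -p "$file.orig" "$file"; return 1; }
    done
}
```

Calling convert_rules /etc/snort_inline/rules drop /path/to/keep-sids.txt converts the directory from the post; the .orig copies hold the unconverted rules.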
