Snort mailing list archives

Help needed with SNORT Inline


From: Piyush Joshi <pj.netfilter () gmail com>
Date: Wed, 14 Apr 2010 11:21:48 +0530

Dear All,

This is my first post to this mailing list, so please help me.

I have downloaded and installed snort with inline functionality as
well as all the dependencies required to make it work. I am using Debian 5.0
and have two LAN interfaces which have been configured as a bridge. Now
traffic is passing through this system and I could also start snort as
follows:

/usr/local/bin/snort  -Q -d -l /var/log/snort/ -c /etc/snort/snort.conf -s -D


I loaded the ip_queue module in the kernel and sent the traffic to snort
with the following two iptables commands:

iptables -A INPUT -j QUEUE
iptables -A FORWARD -j QUEUE

Now I want to convert all alert rules to drop, and as per the guide I
found, oinkmaster can do the same, and we can also update the rules
from the snort website.

Now my question is: when no connection can be made from the snort
system because it is running in bridge mode, how will it update rules, and how
can I convert all rules to drop?

I want to reset all packets related to chat software like g-talk,
yahoo messenger ...

Please let me know where I am going wrong ...

Thanks Regards

 Piyush Joshi
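
The alert-to-drop conversion asked about above, as an added example that is not part of the original post and not oinkmaster's own code: a Python function that rewrites only the action keyword of active rules, leaving commented-out rules, other actions and multi-line rule bodies intact. The sample rules, their SIDs and ports, and the `keep_sids` parameter are constructed for illustration.

```python
import re

# Inline-mode actions that can replace "alert" in a rule header.
INLINE_ACTIONS = {"drop", "sdrop", "reject"}
ACTION = re.compile(r"^(\s*)alert(?=\s+(?:tcp|udp|icmp|ip)\s)")
SID = re.compile(r"\bsid\s*:\s*(\d+)\s*;")

# Constructed sample rules (not from any real rule set).
SAMPLE = r'''var HOME_NET any
alert tcp $HOME_NET any -> any 9001 (msg:"example A"; sid:1000001; rev:1;)
# alert tcp any any -> any 9002 (msg:"disabled example"; sid:1000002; rev:1;)
alert tcp $HOME_NET any -> any 9003 \
    (msg:"example spanning lines"; \
    sid:1000003; rev:1;)
alert udp any any -> any 9004 (msg:"example kept as alert"; sid:1000004; rev:1;)
pass ip any any -> any any (msg:"example pass"; sid:1000005; rev:1;)
'''

def alerts_to_action(rules_text, action="drop", keep_sids=frozenset()):
    """Rewrite active 'alert' rules to an inline action.

    Returns (new_text, converted_count). Commented-out rules, non-alert
    actions and rules whose sid is in keep_sids (hypothetical parameter)
    are left untouched.
    """
    if action not in INLINE_ACTIONS:
        raise ValueError("unsupported action: %r" % action)
    lines = rules_text.split("\n")
    out, converted, i = [], 0, 0
    while i < len(lines):
        # Gather one logical rule: physical lines joined by a trailing "\".
        j = i
        while j + 1 < len(lines) and lines[j].rstrip().endswith("\\"):
            j += 1
        block = lines[i:j + 1]
        sid = SID.search(" ".join(block))
        keep = sid is not None and int(sid.group(1)) in keep_sids
        if ACTION.match(block[0]) and not keep:
            block[0] = ACTION.sub(lambda m: m.group(1) + action, block[0], count=1)
            converted += 1
        out.extend(block)
        i = j + 1
    return "\n".join(out), converted

if __name__ == "__main__":
    text, n = alerts_to_action(SAMPLE, keep_sids={1000004})
    print(text)
    print("converted:", n)
```

Run it against a copy of the rules directory and diff the result before pointing snort.conf at the rewritten files.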
