Snort mailing list archives

Re: Using SNORT inline


From: Russ Combs <rcombs () sourcefire com>
Date: Tue, 2 Nov 2010 16:16:11 -0400

On Fri, Oct 29, 2010 at 8:42 AM, Dan Dwelley <ddwelley () msad54 org> wrote:

> Hello all,
>
> I’m new to this list and have a question I need answered. I’m installing
> SNORT 2.9.0 on Ubuntu 10.04 LTS using David Gullett’s install guide.
>
> It looks as if this install is only an IDS setup rather than an IPS
> solution. Am I wrong? I’m looking for something that I can place inline so I
> can not only detect issues but act upon them.
>
> Can anyone point me in the correct direction or enlighten me?


With 2.9.0, you enable inline mode when Snort is started by selecting a DAQ
that supports inline mode and giving Snort the -Q argument.

For example:  ./snort --daq afpacket -i eth1:eth2 -c snort.conf -Q

See the DAQ README and Snort's README.daq for more info.


> Thank you in advance,
>
> Dan


_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
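
A pre-flight check for the two conditions named in the reply above (a DAQ that supports inline mode, plus -Q), as an added example that is not part of the original message or of Snort. The function names and the sample `snort --daq-list` text are constructed for illustration; the afpacket interface-pair rule is assumed from Snort's README.daq.

```shell
#!/bin/sh
# Added example. SAMPLE_DAQ_LIST is constructed text in the format printed by
# `snort --daq-list`; on a real sensor pass "$(snort --daq-list)" instead.
SAMPLE_DAQ_LIST='Available DAQ modules:
pcap(v3): readback live multi unpriv
afpacket(v4): live inline multi unpriv
dump(v1): readback live inline multi unpriv'

# daq_supports_inline NAME LIST: succeeds if module NAME lists "inline".
daq_supports_inline() {
    printf '%s\n' "$2" | grep -E "^$1\(v[0-9]+\):" | grep -qw inline
}

# check_inline_cmd LIST SNORT_ARGS...: hypothetical helper, not part of Snort.
# Returns 0 if the arguments would start inline mode, else 1 (no -Q),
# 2 (DAQ cannot run inline) or 3 (afpacket without an interface pair).
check_inline_cmd() {
    cic_list=$1; shift
    cic_daq=pcap cic_iface='' cic_q=no      # pcap is Snort's default DAQ
    while [ $# -gt 0 ]; do
        case $1 in
            --daq) cic_daq=${2-};   [ $# -gt 1 ] && shift ;;
            -i)    cic_iface=${2-}; [ $# -gt 1 ] && shift ;;
            -Q)    cic_q=yes ;;
        esac
        shift
    done
    if [ "$cic_q" != yes ]; then
        echo "no -Q: Snort would only detect, not block" >&2; return 1
    fi
    if ! daq_supports_inline "$cic_daq" "$cic_list"; then
        echo "DAQ '$cic_daq' does not list inline support" >&2; return 2
    fi
    # afpacket bridges interface pairs: eth1:eth2, or eth1:eth2::eth3:eth4
    if [ "$cic_daq" = afpacket ] &&
       ! printf '%s\n' "$cic_iface" |
           grep -Eq '^[^:]+:[^:]+(::[^:]+:[^:]+)*$'; then
        echo "afpacket inline needs -i ifA:ifB, got '$cic_iface'" >&2; return 3
    fi
    echo "ok: inline via $cic_daq on $cic_iface"
}

# The command line from the reply passes all three checks.
check_inline_cmd "$SAMPLE_DAQ_LIST" --daq afpacket -i eth1:eth2 -c snort.conf -Q
```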
