Snort mailing list archives

Re: Pulledpork Modify Rules Automatically


From: James Lay <jlay () slave-tothe-box net>
Date: Wed, 14 Jun 2017 19:54:01 -0600

On Wed, 2017-06-14 at 21:42 -0400, Jim Campbell wrote:
Since I last posted here I ended up formatting my hard drive,
installing the latest Ubuntu and installing Snort in IPS mode.
However, at the end of the tutorial on
http://sublimerobots.com/2016/02/snort-ips-inline-mode-on-ubuntu/ it
shows you how to modify the single local rule to drop rather than
alert. There is mention of a future page that will tell how to have
Pulledpork automatically modify all the rules to drop.

My setup is running in inline mode but so far hasn't reported any 
packets being flagged. I could sure use some help.

Thanks,

Jim

Dropsid.conf is where you'll want to look:
https://github.com/shirkdog/pulledpork/blob/master/etc/dropsid.conf

James