Snort mailing list archives
Re: Snort queries
From: wkitty42--- via Snort-users <snort-users () lists snort org>
Date: Sat, 20 Jul 2019 14:52:55 -0400
On 7/18/19 8:12 AM, Justin Xavier wrote:
Hi All,We are using Netgate Pfsense firewall in our premises with Snort service installed. We had some queries regarding the service and need your assistance in understanding SNORT.
the answers depend on how snort is set up on that system... we don't know what they've done so they will likely have to provide the real answers to your questions...
1.We observed SNORT logs and found many log entries for snort events. Is it that SNORT is blocking/dropping all these packets?
in IDS mode, snort only reports... it does not block... something else will have to do that... whether it does that based on snort alerts or not is up to that tool...
in IPS more, snort can block... this requires the rules be changed from alert to drop, though...
IDS = intrusion detection system IPS = intrusion prevention system -- NOTE: No off-list assistance is given without prior approval. *Please keep mailing list traffic on the list unless* *a signed and pre-paid contract is in effect with us.* _______________________________________________ Snort-users mailing list Snort-users () lists snort org Go to this URL to change user options or unsubscribe: https://lists.snort.org/mailman/listinfo/snort-users To unsubscribe, send an email to: snort-users-leave () lists snort org Please visit http://blog.snort.org to stay current on all the latest Snort news! Please follow these rules: https://snort.org/faq/what-is-the-mailing-list-etiquette
Current thread:
- Snort queries Justin Xavier (Jul 19)
- Re: Snort queries wkitty42--- via Snort-users (Jul 20)
- Re: Snort queries Ulises Mora Alvarez (Jul 22)
- <Possible follow-ups>
- Re: Snort queries noc (Jul 20)