Honeypots: Re: Snort inline Openbsd version

[sandro zaccarini <guly () luv guly org>]

In-Reply-To: <20050308145335.CA80C3E6651 () mail wtamu edu>

> Snortsam simply adds Intrusion Prevention functionality to Snort. They do
> not make versions of snort for specific operating systems.
>
> If you want Snort inline then turn your OpenBSD box into a bridge, compile
> snort, and configure snort. The Snort Website has some good documentation on
> configuring Snort and there are a few good books available as well (Such as
> Snort 2.1 published by Syngress).
I was looking for something that DROP malicius packets instantly, snortsam just add a rules *after* the packet 
transmission. i'm playing with flexresp on an openbsd bridge, that should do what I (we?) want but it simply doesn't, 
rule is matched but not dropped. i will work on that in the next days, I hope in my silly mistake..any advices are 
welcome.

sandro