Snort mailing list archives
Re: Snort IPS Functionality
From: Will Metcalf <william.metcalf () gmail com>
Date: Wed, 30 Mar 2005 07:33:36 -0600
The IPS functionality drops or rejects individual packets, unless you are using the sticky-drop preprocessor from snort_inline-2.3.0-RC1 and tell it otherwise. The IPS functionality uses the QUEUE target in iptables, or divert sockets in FreeBSD+IPFW. Nick Rogness wrote a really great how-to for FreeBSD+snort_inline.

http://freebsd.rogness.net/snort_inline/

Regards,
Will

On Wed, 30 Mar 2005 14:23:49 +0200, Dave Raven <fx () badc0de net> wrote:
Hello all,
I'm interested in using snort on a FreeBSD machine as an IPS.
I've read the docs on the website and as far as I can see the only available
"IPS" functionality exists on Linux, using iptables. Does this actually just
drop the questionable packet – or is it generating firewall rules? And does
any of the IPS functionality work on FreeBSD at all? There was a project a
while ago called Hogwash, which would do exactly what I'm interested in –
but that seems long dead…
Thanks in advance
Dave
