Re: Snort Inline incompatible libipq???

[Shaqe Wan <sha8e () yahoo com>]

Hi,

Spiderslack ....

What happens if you forward all the traffic to the QUEUE, not just the 3389 port? 

Also, did you try forwarding the INPUT chain to the QUEUE, or just the FORWARD chain?

Regards,

--- On Tue, 9/21/10, spiderslack <spiderslack () yahoo com br> wrote:

From: spiderslack <spiderslack () yahoo com br>
Subject: Re: [Snort-users] Snort Inline incompatible libipq???
To: "Tomas Heredia" <tomas.heredia () activesec biz>
Cc: snort-users () lists sourceforge net
Date: Tuesday, September 21, 2010, 12:47 PM





  
On 09/21/2010 03:34 PM, Tomas Heredia wrote:
That
gave me a hint... I'm recalling from past failures :-)

did you "modprobe ip_queue"?

could you post  your "lsmod"?
Hi Tomas.



Following bellow



root@nascimento:~# lsmod 

Module                  Size  Used by

nfnetlink_queue         8141  0 

nfnetlink               4142  1 nfnetlink_queue

xt_NFQUEUE              2344  0 

ip_queue                6324  0 

xt_tcpudp               2667  0 

iptable_filter          2791  0 

ip_tables              18358  1 iptable_filter

x_tables               22429  3 xt_NFQUEUE,xt_tcpudp,ip_tables

bridge                 53152  0 

stp                     2171  1 bridge

fbcon                  39270  71 

tileblit                2487  1 fbcon

font                    8053  1 fbcon

bitblit                 5811  1 fbcon

softcursor              1565  1 bitblit

vga16fb                12757  1 

vgastate                9857  1 vga16fb

radeon                739595  0 

ttm                    60815  1 radeon

drm_kms_helper         30710  1 radeon

ipmi_si                41065  0 

ipmi_msghandler        36955  1 ipmi_si

lp                      9336  0 

parport                37160  1 lp

drm                   198226  3 radeon,ttm,drm_kms_helper

i2c_algo_bit            6024  1 radeon

hpilo                   7985  0 

i3000_edac              3679  0 

psmouse                64608  0 

serio_raw               4950  0 

shpchp                 33679  0 

edac_core              45423  3 i3000_edac

usbhid                 40988  0 

hid                    83376  1 usbhid

tg3                   122350  0 

root@nascimento:~# 





This module ip_queue is loaded.



Regards.

 

-----Inline Attachment Follows-----

------------------------------------------------------------------------------
Start uncovering the many advantages of virtual appliances
and start using them to simplify application deployment and
accelerate your shift to cloud computing.
http://p.sf.net/sfu/novell-sfdev2dev
-----Inline Attachment Follows-----

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users


------------------------------------------------------------------------------
Start uncovering the many advantages of virtual appliances
and start using them to simplify application deployment and
accelerate your shift to cloud computing.
http://p.sf.net/sfu/novell-sfdev2dev

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users