Snort mailing list archives

Re: Block packets using snort with pf_ring


From: "Al Lewis (allewi)" <allewi () cisco com>
Date: Mon, 28 Sep 2015 12:54:46 +0000

Hello,

See the manual here:


http://manual.snort.org/node26.html


The easiest way is to add the blocking to the rule you want.

Add something like

resp: reset_both;

to your rule.

This is explained under the “Flexresp” section.



Albert Lewis
QA Software Engineer
SOURCEfire, Inc. now part of Cisco
9780 Patuxent Woods Drive
Columbia, MD 21046
Phone: (office) 443.430.7112
Email: allewi () cisco com

From: Lavanya Kumar [mailto:lavanyakumar84 () gmail com]
Sent: Monday, September 28, 2015 2:49 AM
To: snort-users () lists sourceforge net
Subject: [Snort-users] Block packets using snort with pf_ring


I am running snort-2.9.7.3 with pfring-6.0.3 and libpcap-1.6.2, and I want to block packets by writing Snort rules. But I am not able to drop packets, although the alerts are being logged.
Please help me with the snort command and suggestions.
Presently I am running snort with the following command:

/usr/local/snort -Q --process-all-events -c /etc/snort.conf -d --daq pfring --daq-dir=/usr/local/lib/daq/ -l /usr/logs -i eth0:eth1

Thanks
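
A rules-file check for the symptom in this thread (alerts logged, nothing blocked), as an added example that is not part of either message: it reports, per rule, whether the action blocks inline (drop, sdrop, reject), whether a resp option such as the reset_both suggested above is present, or whether the rule only alerts. The function names and sample rules are constructed for illustration, and it assumes one rule per line with no backslash continuations.

```python
import re

# Snort 2.x rule actions that stop the packet when Snort runs inline (-Q).
BLOCKING_ACTIONS = {"drop", "sdrop", "reject"}
PASSIVE_ACTIONS = {"alert", "log", "pass", "activate", "dynamic"}
QUOTED = re.compile(r'"(?:\\.|[^"\\])*"')     # quoted option values such as msg
RESP = re.compile(r"\bresp\s*:\s*([^;]+);")   # Flexresp option, e.g. resp: reset_both;
SID = re.compile(r"\bsid\s*:\s*(\d+)\s*;")

def classify_rule(line):
    """Return (sid, action, verdict) for one rule, or None for blanks and comments."""
    text = line.strip()
    if not text or text.startswith("#"):
        return None
    action = text.split(None, 1)[0]
    start, end = text.find("("), text.rfind(")")
    options = text[start + 1:end] if 0 <= start < end else ""
    options = QUOTED.sub('""', options)  # ignore "resp:" that only appears inside a string
    sid_match = SID.search(options)
    sid = int(sid_match.group(1)) if sid_match else None
    if action in BLOCKING_ACTIONS:
        return (sid, action, "blocks inline")
    if action not in PASSIVE_ACTIONS:
        return (sid, action, "unknown action")
    resp = RESP.search(options)
    if resp:
        return (sid, action, "active response: " + resp.group(1).strip())
    return (sid, action, "alert only")

def audit(rules_text):
    """Classify every rule in the text of a rules file."""
    return [r for r in map(classify_rule, rules_text.splitlines()) if r]

# Constructed sample rules (local sid range), not taken from the thread.
SAMPLE_RULES = r'''
# local.rules
alert tcp any any -> $HOME_NET 23 (msg:"telnet syn"; flags:S; sid:1000001; rev:1;)
alert tcp any any -> $HOME_NET 23 (msg:"telnet syn"; flags:S; resp: reset_both; sid:1000002; rev:1;)
drop tcp any any -> $HOME_NET 23 (msg:"telnet syn"; flags:S; sid:1000003; rev:1;)
alert tcp any any -> $HOME_NET 21 (msg:"note resp: in text"; sid:1000004; rev:1;)
'''

if __name__ == "__main__":
    for sid, action, verdict in audit(SAMPLE_RULES):
        print(f"sid {sid}: {action:<6} -> {verdict}")
```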