Re: Snort-users Digest, Vol 1, Issue 4

[Marcin Dulak via Snort-users <snort-users () lists snort org>]

On Sun, Jun 18, 2017 at 9:29 PM, Jim Campbell <jim () w4bqp net> wrote:

> When you configure Snort to operate in Inline mode, packets that cause an
> alert are also dropped.

This depends whether your rule is DROP or ALERT. Snort inline mode does not
have to drop traffic.



> The two documents that best describe this are:
> http://sublimerobots.com/2016/02/snort-ips-inline-mode-on-ubuntu/
> https://s3.amazonaws.com/snort-org-site/production/
> document_files/files/000/000/013/original/Snort_IPS_using_DAQ_AFPacket.pdf
> The information in both are needed.

here you find a more complete information including a full system setup,
however only for snort3 and nfq:
https://github.com/marcindulak/vagrant-snort-nfqueue-tutorial-centos7

Marcin


> On 6/17/2017 9:52 PM, tantioification . wrote:
>
> Hi Jim,
>
> Could you tell me how to drop any packet that alerted automatically with
> pulledpork?
> in your last post you seem to be successful..
> would you sharing to me?
>
>
>
> _______________________________________________
> Snort-users mailing list
> Snort-users () lists snort org
> Go to this URL to change user options or unsubscribe:
> https://lists.snort.org/mailman/listinfo/snort-users
>
> Please visit http://blog.snort.org to stay current on all the latest
> Snort news!
_______________________________________________
Snort-users mailing list
Snort-users () lists snort org
Go to this URL to change user options or unsubscribe:
https://lists.snort.org/mailman/listinfo/snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!