[PLUG] snort_inline
Carla Schroder
carla at bratgrrl.com
Tue Jun 20 22:52:06 UTC 2006
OK, that helps, I didn't know that react and resp were Snort keywords. Until
now I've relied on Oinkmaster to download new rules and not tinkered much
with the guts. Woohoo, progress!
On Tuesday 20 June 2006 12:21 pm, Tim Slighter wrote:
> You are right, I got most of my information using the snort manual for
> how to configure and change the rules. It is pretty straightforward.
> You will need to have a specific version of libnids from packetfactory
> and when you attempt to build using
>
> ./configure --enable-flexresp
>
> it will tell you exactly what version you need and where to get it.
>
> the rules come down to react and resp depending upon which side of the
> connection you want to drop. Sorry I cannot be of much more help in
> terms of documentation. If want an already configured version that
> runs from a bootable cd, check out network security toolkit at -
> http://www.networksecuritytoolkit.org.
>
>
> On 6/20/06, Carla Schroder <carla at bratgrrl.com> wrote:
> > There are all kinds of docs for snort-inline, it's --enable-flexresp
that's
> > I'm having trouble with. Though searching on 'flexresp' gets some hits.
> >
> > On Tuesday 20 June 2006 11:33 am, Tim Slighter wrote:
> > > which one? snort-inline or flex-response?
> > >
> > >
> > > On 6/20/06, Carla Schroder <carla at bratgrrl.com> wrote:
> > > >
> > > > Can you point me to a reference? I'm looking all over and not finding
much
> > > > information. Thanks!
> > > >
> > > > On Monday 19 June 2006 10:47 pm, Tim Slighter wrote:
> > > > > Have used it many times but configuring and building
> > snort --enable-flexresp
> > > > > is a lot easier
> > > > >
> > > > > On 6/19/06, Carla Schroder <carla at bratgrrl.com> wrote:
> > > > > >
> > > > > > Is anyone running snort_inline? It looks interesting, but it's a
lot
> > of
> > > > > > work
> > > > > > to set up, so I'd like to hear from any brave souls that have
already
> > > > > > given
> > > > > > it a go.
> > > > > >
> > > >
> > > > --
> > > > ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> > > > Carla Schroder
> > > > check out my "Linux Cookbook", the ultimate Linux user's
> > > > and sysadmin's guide! http://www.oreilly.com/catalog/linuxckbk/
> > > > ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> > > > _______________________________________________
> > > > PLUG mailing list
> > > > PLUG at lists.pdxlinux.org
> > > > http://lists.pdxlinux.org/mailman/listinfo/plug
> > > >
> > > _______________________________________________
> > > PLUG mailing list
> > > PLUG at lists.pdxlinux.org
> > > http://lists.pdxlinux.org/mailman/listinfo/plug
> > >
> > >
> > >
> >
> > --
> > ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> > Carla Schroder
> > check out my "Linux Cookbook", the ultimate Linux user's
> > and sysadmin's guide! http://www.oreilly.com/catalog/linuxckbk/
> > ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> > _______________________________________________
> > PLUG mailing list
> > PLUG at lists.pdxlinux.org
> > http://lists.pdxlinux.org/mailman/listinfo/plug
> >
> _______________________________________________
> PLUG mailing list
> PLUG at lists.pdxlinux.org
> http://lists.pdxlinux.org/mailman/listinfo/plug
>
>
>
--
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Carla Schroder
check out my "Linux Cookbook", the ultimate Linux user's
and sysadmin's guide! http://www.oreilly.com/catalog/linuxckbk/
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
More information about the PLUG
mailing list