I personally haven't used snort-inline. But Hogwash doesn't use iptables
to drop packets.
If you successfully compiled snort-inline then your good to go. IIRC it
will only drop packets
in NIDS mode[1], not sniffing mode etc......
Cheers,
Alberto Gonzalez
[1] Which seems the logical thing todo.. or no?
Amit Kumar Gupta wrote:
Hi List,
I am having some queries abtSnort-inline. Here they are :-
(1) While installing snort-inline whether i have to mention libipq
directorty. If i don't mention, even then it goes fine. Does it mean
that it has taken it from the appropriate path.
(2) snort-inline has the hogwash functionality. So does it mean that
it uses iptables. Another thing is Snort-inline is supposed to sit
inline
and prevent malicious packets. How does it do it. Is there any
specific command
for it to do this.
(3) I have successfully installed snort-inline, and using snort
commands. So does it mean that whenever i will run snort command in
any one of the mode(sniffing, IDS, logging), the malicious packets
will be dropped.
Please give your suggestions and views.
Regards,
Amit
--
The secret to success is to start from scratch and keep on scratching.
-------------------------------------------------------
This sf.net email is sponsored by:ThinkGeek
Welcome to geek heaven.
http://thinkgeek.com/sf
_______________________________________________
Snort-users mailing list
Snort-users@lists.sourceforge.net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users