
RE: [Snort-users] Snort Inline

From: Slighter, Tim <tslighter(at)itc.nrcs.usda.gov>
Date: Fri Feb 28 2003 - 12:15:15 EST


Yes, you can use the recently downloaded snort rules... just make sure to change all instances of "alert" to "drop". If a user attempts outbound to a site that is prohibited by the snort rule, the connection should be dropped and they should not receive any information at their system except a timeout. As for ACID and mySQL... snort-inline relies upon the alert file in order to work correctly. It might be possible to compile with mySQL and then configure the snort daemon in such a way that it logs to the alert file and to mySQL, but you are in uncharted water at that point. Perhaps that could be a suggested project for the development team, where snort-inline can extract the data from mySQL instead of the alert file.

-----Original Message-----
From: Joe Giles [mailto:jgiles@joeman1.com]
Sent: Friday, February 28, 2003 9:04 AM
To: SnortUsers
Subject: [Snort-users] Snort Inline

List,
I just downloaded the Snort-In-line app and I have a few questions.

I read the PDF file on how to set it up and configure it. Basically I have these questions:

1> In essence, this app will BLOCK traffic if it falls into one of the preset rule sets? So, for instance, I have a user that tries to access a pornographic web site and it violates a rule, it will BLOCK (DENY) the return traffic from the website thereby returning an error in his/her web browser?

2> Can I use the existing SNORT rules that I have in place (downloaded last night)?

3> Will it still report to my ACID database if I opt to use it instead of regular SNORT?

4> Can I still use regular SNORT if #3 is a no?


Thanks, and I apologize if these questions have been answered before.

Again, thanks for your time!!!

Joe



This sf.net email is sponsored by:ThinkGeek Welcome to geek heaven.
http://thinkgeek.com/sf

Snort-users mailing list
Snort-users@lists.sourceforge.net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

Received on Fri Feb 28 12:24:42 2003

This archive was generated by hypermail 2.1.8 : Wed Aug 23 2006 - 14:11:45 EDT
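
The rule conversion described in the reply above, as an added example that is not part of the original thread or of the Snort project: it rewrites only the rule action keyword from "alert" to "drop", so the word "alert" inside `msg` or `content` options and in ordinary comments is left alone. The function names and the sample rules (including the sids) are constructed for illustration, and converting commented-out rules as well is an assumption made here.

```shell
#!/bin/sh
# Added example: convert Snort rule actions from "alert" to "drop" for snort-inline.

# Rewrite the action only when "alert" is the first token of a rule line and is
# followed by a protocol. Commented-out rules ("#alert tcp ...") are converted
# too (assumption: a rule re-enabled later should not silently stay alert-only).
alert_to_drop() {
    sed -E 's/^([[:space:]]*#?[[:space:]]*)alert([[:space:]]+(tcp|udp|icmp|ip)[[:space:]])/\1drop\2/'
}

# Count enabled rules that use a given action ($1); rules are read from stdin.
count_action() {
    awk -v a="$1" '$1 == a && $2 ~ /^(tcp|udp|icmp|ip)$/ { n++ } END { print n + 0 }'
}

# Constructed sample rules; the quoted heredoc keeps $HOME_NET literal.
sample_rules() {
    cat <<'EOF'
# alert rules for local web policy (constructed sample)
alert tcp $HOME_NET any -> $EXTERNAL_NET 80 (msg:"POLICY alert keyword test"; content:"alert"; sid:1000001;)
alert udp any any -> any 53 (msg:"POLICY sample dns"; sid:1000002;)
#alert icmp any any -> any any (msg:"disabled sample"; sid:1000003;)
log tcp any any -> any 23 (msg:"untouched log rule"; sid:1000004;)
EOF
}

# Show the converted rule set and a before/after summary.
sample_rules | alert_to_drop
echo "alert rules before: $(sample_rules | count_action alert)"
echo "drop rules after:   $(sample_rules | alert_to_drop | count_action drop)"
```

To use it on a real rules file, pipe the file through `alert_to_drop` into a new file and compare the two with `diff` before loading the result.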

