Re: Snort inline and iptables
From: Ratnakumar C H (ratnakumarch_at_visualsoft-tech.com)
Date: 08/23/05
- Previous message: snort user: "IPS technology question."
- In reply to: Soi, Dhruv: "RE: Snort inline and iptables"
- Next in thread: Will Metcalf: "Re: Snort inline and iptables"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
To: "Soi, Dhruv" <dsoi@ipolicynetworks.com>, <afshinlamei@gmail.com>, <focus-ids@securityfocus.com> Date: Tue, 23 Aug 2005 11:43:01 +0530
Hi all,
1- can i use snort inline+iptables in router (no bridge) mode under linux?
--yes ,we can do soo.
more help on setup: http://linuxgazette.net/117/savage.html
2- what's the performance issuses when using snort inline + flexresponse
mode?
--i my view performance issues are more.although if you have a good
processer and good configuration still it depends on the traffic.
Regards,
Ratna Kumar
Visual Soft Technologies Ltd
----- Original Message -----
From: "Soi, Dhruv" <dsoi@ipolicynetworks.com>
To: <afshinlamei@gmail.com>; <focus-ids@securityfocus.com>
Sent: Monday, August 22, 2005 4:04 PM
Subject: RE: Snort inline and iptables
>
>>Dear all,
>
>>1- can i use snort inline+iptables in router (no bridge) mode under linux?
> Snippet copied from one of the mail that I received from mailing list.
> -------------------------------------------------------
> There are active-response modules for Snort available.
>
> Snort can do content-detection; with active response, the packets could
> be dropped / filtered / redirected.
>
> Michael T. Bab***
> Triple PC Ltd.
> -------------------------------------------------------
>
>
> To use it with IPTABLES you need to patch the kernel and netfilter to
> support Hex search.
>
> Thanks
> Dhruv
>
> ------------------------------------------------------------------------
> Test Your IDS
>
> Is your IDS deployed correctly?
> Find out quickly and easily by testing it
> with real-world attacks from CORE IMPACT.
> Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708
> to learn more.
> ------------------------------------------------------------------------
>
>
------------------------------------------------------------------------
Test Your IDS
Is your IDS deployed correctly?
Find out quickly and easily by testing it
with real-world attacks from CORE IMPACT.
Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708
to learn more.
------------------------------------------------------------------------
- Previous message: snort user: "IPS technology question."
- In reply to: Soi, Dhruv: "RE: Snort inline and iptables"
- Next in thread: Will Metcalf: "Re: Snort inline and iptables"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
