EFW Support
Welcome,
Guest
. Please
login
or
register
.
Did you miss your
activation email?
Friday 15 November 2024, 06:42:28 pm
1 Hour
1 Day
1 Week
1 Month
Forever
Login with username, password and session length
Visit the official Endian Community Mailinglist
HERE
14255
Posts in
4377
Topics by
6515
Members
Latest Member:
hulteends
Search:
Advanced search
EFW Support
Support
General Support
snort in 2.3
0 Members and 1 Guest are viewing this topic.
« previous
next »
Pages:
[
1
]
Author
Topic: snort in 2.3 (Read 10591 times)
killbuddy
Jr. Member
Offline
Posts: 2
snort in 2.3
«
on:
Wednesday 17 February 2010, 03:03:07 pm »
i have been using endian for a of days and i have noticed that i am getting messages from snort saying that it is running in IDS mode. Other errors/notice messages i have been getting include the following:
"Running in IDS mode"
"Cannot set uid and gid when running Snort in inline mode."
"Not Using PCAP_FAMES"
I have installed endian with the default install and started snort. I have set some rules to drop packets instead of alert on them and rebooted the system. I just don't know if they are getting dropped or not without putting a packet sniffer on my LAN to verify.
I guess my question is "How would i get snort to run in IPS mode instead of IDS mode?"
Logged
Saltee
Jr. Member
Offline
Posts: 8
Re: snort in 2.3
«
Reply #1 on:
Sunday 21 February 2010, 11:21:45 pm »
I have the same issue but it does look like Snort is running in IPS (inline mode suggests this). I have not done any actual sniffing yet to see what's going on as not really had time and have another ids/ips upstream. One day I will have a look but it's low on my list.
this link explains PCAP_Frames very well (nice page Leon W)
http ://leonward.wordpress.com/2008/07/18/not-using-pcap_frames-aka-when-good-verbosity-goes-bad/
It would be interesting to hear other opinions re this.
Logged
Pages:
[
1
]
« previous
next »
Jump to:
Please select a destination:
-----------------------------
Announcements
-----------------------------
=> Project News
=> Latest News and Updates
-----------------------------
Support
-----------------------------
=> General Support
=> Installation Support
=> EFW SMTP, HTTP, SIP, FTP Proxy Support
=> VPN Support
=> Hardware Support
-----------------------------
Development
-----------------------------
=> EFW Wishlist
=> Contribute Your Customisations & Modifications
Page created in 0.031 seconds with 18 queries.
Powered by SMF 1.1 RC2
|
SMF © 2001-2005, Lewis Media
Design by
7dana.com