Welcome, Guest. Please login or register.
Did you miss your activation email?
Tuesday 31 December 2024, 03:56:49 am

Login with username, password and session length

Download the latest community FREE version  HERE
14262 Posts in 4377 Topics by 6517 Members
Latest Member: Sandro
Search:     Advanced search
+  EFW Support
|-+  Support
| |-+  General Support
| | |-+  snort in 2.3
0 Members and 1 Guest are viewing this topic. « previous next »
Pages: [1] Go Down Print
Author Topic: snort in 2.3  (Read 11970 times)
killbuddy
Jr. Member
*
Offline Offline

Posts: 2


« on: Wednesday 17 February 2010, 03:03:07 pm »

i have been using endian for a  of days and i have noticed that i am getting messages from snort saying that it is running in IDS mode.  Other errors/notice messages i have been getting include the following:

"Running in IDS mode"
"Cannot set uid and gid when running Snort in inline mode."
"Not Using PCAP_FAMES"

I have installed endian with the default install and started snort.  I have set some rules to drop packets instead of alert on them and rebooted the system.  I just don't know if they are getting dropped or not without putting a packet sniffer on my LAN to verify.

I guess my question is "How would i get snort to run in IPS mode instead of IDS mode?"
Logged
Saltee
Jr. Member
*
Offline Offline

Posts: 8


« Reply #1 on: Sunday 21 February 2010, 11:21:45 pm »

I have the same issue but it does look like Snort is running in IPS (inline mode suggests this).  I have not done any actual sniffing yet to see what's going on as not really had time and have another ids/ips upstream.  One day I will have a look but it's low on my list.

this link explains PCAP_Frames very well (nice page Leon W)
http ://leonward.wordpress.com/2008/07/18/not-using-pcap_frames-aka-when-good-verbosity-goes-bad/

It would be interesting to hear other opinions re this.
Logged
Pages: [1] Go Up Print 
« previous next »
Jump to:  

Page created in 0.063 seconds with 20 queries.
Powered by SMF 1.1 RC2 | SMF © 2001-2005, Lewis Media Design by 7dana.com