Hi all,
1- can i use snort inline+iptables in router (no bridge) mode under linux?
--yes ,we can do soo.
more help on setup: http://linuxgazette.net/117/savage.html
2- what's the performance issuses when using snort inline + flexresponse
mode?
--i my view performance issues are more.although if you have a good
processer and good configuration still it depends on the traffic.
Regards,
Ratna Kumar
Visual Soft Technologies Ltd
----- Original Message -----
From: "Soi, Dhruv" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>; <[email protected]>
Sent: Monday, August 22, 2005 4:04 PM
Subject: RE: Snort inline and iptables
Dear all,
1- can i use snort inline+iptables in router (no bridge) mode under linux?
Snippet copied from one of the mail that I received from mailing list.
-------------------------------------------------------
There are active-response modules for Snort available.
Snort can do content-detection; with active response, the packets could
be dropped / filtered / redirected.
Michael T. Babcock
Triple PC Ltd.
-------------------------------------------------------
To use it with IPTABLES you need to patch the kernel and netfilter to
support Hex search.
Thanks
Dhruv
------------------------------------------------------------------------
Test Your IDS
Is your IDS deployed correctly?
Find out quickly and easily by testing it
with real-world attacks from CORE IMPACT.
Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708
to learn more.
------------------------------------------------------------------------
------------------------------------------------------------------------
Test Your IDS
Is your IDS deployed correctly?
Find out quickly and easily by testing it
with real-world attacks from CORE IMPACT.
Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708
to learn more.
------------------------------------------------------------------------
