Thanks to all those who replied to my previous posts on snort inline.
Rob & Will, in the snort_inline config file, I have the following:
preprocessor stream4: disable_evation_alerts
preprocessor stream4_reassemble: both
I tried adding the below rule to telnet.rules in snort_inline.
drop tcp $HOME_NET any -> $EXTERNAL_NET 23 (msg: "Dropping HOME_NET -> EXTERNAL_NET traffic";)
And after a reboot (restart of snort_inline), snort_inline says FAILED.
I'm not able to add any rule as snort_inline fails to start.
What is the reason for that? If I remove the rule, it starts fine.
What I would like to know is: with roo 1.2, have you been able to get
snort_inline logs such as dropping/replacing packets? From your previous post,
I'm not sure if there is any bug as a whole on snort_inline in roo 1.2 or if you
were talking about some enhancement features.
I'm trying to see if there is a bug with snort_inline in roo 1.2 or if there is
an error with my setup.
I would appreciate it if you can let me know the above detail, which will be useful
for my debugging.
Thanks
Nandhini
_______________________________________________
Honeywall mailing list
[email protected]
https://public.honeynet.org/mailman/listinfo/honeywall