Also if anybody can let me know, after a fresh install of roo 1.2 what
configuration settings are required for snort_inline, that'll be great.
I can check that with what I have on my system.
Thanks
Nandhini Thiagarajan <[EMAIL PROTECTED]> wrote:
Rob,
I don't see any errors in var/log/messages.
I see only 1 warning though for snort-inline:
/etc/snort_inline/snort_inline.conf(223) => flush_behavior set in config
file, using old static flushpoints (0)
Is anything happening because of the warning which prevents snort_inline from
working correctly? I'm sure it is triggering the rule but not showing any
logs.
I wanted a few clarifications:
1) Is snort-inline meant only for outbound connections?
2) Do I need to have the same set of rules for snort and snort_inline (as "alert"
in snort and "drop" or "replace" in snort_inline)?
Thanks in advance,
Nandhini
Robert Mcmillen <[EMAIL PROTECTED]> wrote:
Did you look in /var/log/messages to see what the error was?
Rob
On Mar 13, 2008, at 2:24 PM, Nandhini Thiagarajan wrote:
Thanks to all those who replied to my previous posts on snort inline.
Rob & Will, in the snort_inline config file, I have the following:
preprocessor stream4: disable_evation_alerts
preprocessor stream4_reassemble: both
I tried adding the below rule to telnet.rules in snort_inline.
drop tcp $HOME_NET any -> $EXTERNAL_NET 23 (msg: "Dropping HOME_NET ->
EXTERNAL_NET traffic";)
And after a reboot (restart of snort_inline), snort_inline says FAILED.
I'm not able to add any rule as snort_inline fails to start.
What is the reason for that? If I remove the rule, it starts fine.
What I would like to know is, with roo1.2 have you been able to get
snort_inline logs such as dropping/replacing packets? From your previous post,
I'm not sure if there is any bug as a whole on snort_inline in roo 1.2 or if you
were talking about some enhancement features.
I'm trying to see if there is a bug with snort_inline in roo 1.2 or is there
an error with my set up.
I would appreciate it if you can let me know the above detail which will be useful
for my debugs.
Thanks
Nandhini
_______________________________________________
Honeywall mailing list
[email protected]
https://public.honeynet.org/mailman/listinfo/honeywall