So i have a telnet rule which is getting triggered by snort when i do a telnet
outbound connection from a honeypot to a production machine,
I have set the above same telnet rule as "drop" in the snort_inline rules.
I'm getting snort alerts for the above telnet rule. Fine. But why isnt it
dropping the connection and giving snort_inline logs?
I have spent quite a lot of time digging into snort_inline with no luck.
Any help appreciated.
Thanks
Nandhini
Robert Mcmillen <[EMAIL PROTECTED]> wrote:
That has been the goal. We want it all to come in, but not
necessarily all going out.
Rob
On Mar 15, 2008, at 1:48 PM, Nandhini Thiagarajan wrote:
> After i assigned sid, snort_inline started FINE.
> But even though the rule gets triggered, i dont see any snort_inline
> logs.
> Is snort_inline just meant to monitor outbound connections frm
> Honeypot?
>
> Thanks
> Nandhini
_______________________________________________
Honeywall mailing list
[email protected]
https://public.honeynet.org/mailman/listinfo/honeywall
---------------------------------
Looking for last minute shopping deals? Find them fast with Yahoo! Search._______________________________________________
Honeywall mailing list
[email protected]
https://public.honeynet.org/mailman/listinfo/honeywall
