From: Rob M. <rv...@ca...> - 2003-12-03 01:22:20
I've finally gotten off my butt and updated snort_inline to the latest and greatest snort version 2.0.5. You can get it at:

http://sourceforge.net/projects/snort-inline/

In addition,

1. I've incorporated some beta code to support running snort_inline with ipfw on FreeBSD. Nick <ni...@ro...> was kind enough to provide this patch. I call it beta because I've gotten it to compile in FreeBSD, but I haven't had the time to really put it to the test. Any volunteers willing to provide comments/feedback? Anyone care to create an rc.firewall-like script to work with ipfw?

2. I've added a few rules for testing purposes (rules/test.rules) provided by Lance Spitzner <la...@ho...>, that will enable you to quickly test your snort_inline configuration.

3. I've added Brian Caswell's snort rule configuration program (contrib/Net-Snort-Parser-1.9.tar.gz) that allows you to quickly modify snort rules and convert them to drop, sdrop, reject, or replace. It also allows you to convert snort rules for use in a Honeynet. For more information on this tool, to include several example configuration files, go to:

http://www.shmoo.com/~bmc/software/snortconfig/

I am still working on making the portscan and arpspoof preprocessors "drop". This will be on the street very soon. I've just been caught up in my day job and another project.

Rob