Menu
▾
▴
[Snort-inline-users] Logging but not dropping
|
From: Geffrey V. [MINAG] <gve...@mi...> - 2004-07-01 00:06:04
|
Hi friends, I'm new to snort_inline. I downloaded the current binary version of snort_inline, I'm using the configuration files included in the tarball, I converted the alert rules to drop rules using the convert.sh script, and I'm using the default snort_inline.conf I loaded the ip_queue module and configure a simple iptables rule: iptables -A INPUT -j QUEUE In the snort_inline host I have a test web server (apache) and I run a nessus scan against it, the snort logs show the attacks, but it seems not to be dropped becauseare also present in the apache logs. What could be wrong? the rules files were changed by drop instead of alert and all the variables are configured as "any". Another question? I need to configure the host as a bridge? is it neccesary? Regards, Geffrey |
