From: Josh B. <jos...@li...> - 2004-07-02 02:54:27
Assuming snort_inline is sitting in between the web server and the nessus server, you need to use:

iptables -A FORWARD -j QUEUE

The INPUT chain is only for packets destined to the interface of the iptables machine, the forward target is for traffic actually passing through the firewall. Also, make sure you are starting snort_inline with the -Q switch.

> Hi friends, I'm new to snort_inline.
>
> I downloaded the current binary version of snort_inline, I'm using the
> configuration files included in the tarball, I converted the alert rules
> to drop rules using the convert.sh script, and I'm using the default
> snort_inline.conf
>
> I loaded the ip_queue module and configured a simple iptables rule:
>
> iptables -A INPUT -j QUEUE
>
> In the snort_inline host I have a test web server (apache) and I run a
> nessus scan against it, the snort logs show the attacks, but they seem
> not to be dropped because they are also present in the apache logs.
> What could be wrong? The rules files were changed to drop instead of
> alert and all the variables are configured as "any".
>
> Another question? I need to configure the host as a bridge? Is it
> necessary?
>
> Regards,
> Geffrey

Thanks,
Josh Berry, CISSP
CTO, VP of Product Development
LinkNet-Solutions
469-831-8543
jos...@li...
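
The three preconditions raised in this thread (ip_queue loaded, a QUEUE rule in the chain the protected traffic actually traverses, snort_inline started with -Q) can be checked together. This is an added example, not part of either message; the function names, the `gateway`/`local` mode labels and the sample data are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. Inputs are passed as text so the
# logic runs offline; on a live host feed it `iptables -S`, `lsmod`,
# and the snort_inline command line from `ps`.

# has_queue CHAIN RULES: succeeds if CHAIN has a rule with "-j QUEUE".
has_queue() {
    printf '%s\n' "$2" | awk -v chain="$1" '
        $1 == "-A" && $2 == chain {
            for (i = 3; i < NF; i++)
                if ($i == "-j" && $(i + 1) == "QUEUE") found = 1
        }
        END { exit !found }'
}

# check_inline MODE RULES LSMOD CMDLINE
#   MODE gateway: protected traffic passes through the host (FORWARD)
#   MODE local:   protected service runs on the host itself (INPUT)
# Prints "ok" or a space-separated list of findings.
check_inline() {
    case $1 in
        gateway) want=FORWARD ;;
        local)   want=INPUT ;;
        *) echo "unknown-mode"; return 2 ;;
    esac
    problems=""
    printf '%s\n' "$3" | awk '$1 == "ip_queue" { f = 1 } END { exit !f }' ||
        problems="$problems ip_queue-not-loaded"
    has_queue "$want" "$2" || problems="$problems no-QUEUE-in-$want"
    # Assumes -Q is given as its own argument, as in the thread.
    case " $4 " in
        *" -Q "*) ;;
        *) problems="$problems snort_inline-without-Q" ;;
    esac
    if [ -n "$problems" ]; then echo "${problems# }"; return 1; fi
    echo ok
}

# Constructed sample data matching the setup described in the question.
SAMPLE_RULES='-P INPUT ACCEPT
-P FORWARD ACCEPT
-A INPUT -j QUEUE'
SAMPLE_LSMOD='Module                  Size  Used by
ip_queue                9752  0
ip_tables              16512  1 iptable_filter'
SAMPLE_CMD='snort_inline -Q -c /etc/snort_inline/snort_inline.conf'

echo "gateway: $(check_inline gateway "$SAMPLE_RULES" "$SAMPLE_LSMOD" "$SAMPLE_CMD")"
echo "local:   $(check_inline local "$SAMPLE_RULES" "$SAMPLE_LSMOD" "$SAMPLE_CMD")"
```

With the sample rule set, the `gateway` check reports the missing FORWARD rule while the `local` check passes, which is the distinction between the two chains drawn in the reply.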