Menu
▾
▴
Re: [Snort-inline-users] snort_inline on Hp-ux? (was: Re: Snort-inline-users digest, Vol 1 #222 - 1 msg)
|
From: Nick R. <ni...@ro...> - 2004-09-14 20:27:56
|
On Tue, 14 Sep 2004, prabu wrote: > Hi Nick, > Thanks a lot for good explaination.Now,my question is,what should I > do,so that I can compile snort-inline on HP-UX?. You have killed even > the little hope to compile snort-inline on HPUX.Is there,any other way > to do so? Not unless you have a firewall running that supports it, i.e. iptables. I'm not sure iptables can be run on HP-UX. It would be nice to get PF+snort_inline working together. Until then, I think your hosed! Sorry again :-) > > > ----- Original Message ----- From: "Nick Rogness" <ni...@ro...> > To: "Victor Julien" <vi...@nk...> > Cc: <sno...@li...>; "prabu" <pra...@ho...> > Sent: Sunday, September 12, 2004 7:46 AM > Subject: Re: [Snort-inline-users] snort_inline on Hp-ux? (was: Re: > Snort-inline-users digest, Vol 1 #222 - 1 msg) > > >> On Fri, 3 Sep 2004, Victor Julien wrote: >> >>> Hi Prabu, >>> >>> I don't know if it can work, but a quick search in Google tells me Hp-ux >>> is >>> using IPFW, which Snort_inline supports. So i would say, give it a go >>> and >>> post errors, problems or success stories to the snort_inline-users >>> mailinglist. We will try to assist you where possible. >>> >>> Be sure to use ./configure --enable-ipfw when building... >>> >>> If someone knows that this can't work for some reason, please correct >>> me! >> >> IPFW support in snort-inline is built specifically for FreeBSD. >> The name ipfw is deceiving because it is short for ip firewall, >> which is used as a generic name for several firewalls (including >> one for HP-UX). >> >> Specifically, you need divert sockets in conjunction with IPFW for >> anything to work right, which is a FreeBSD thing. The only OS I >> know works with IPFW is FreeBSD, although other OSs with divert >> socket support could work. IPFW is just the tool to send packets >> to a divert socket (kernel->snort_inline), i.e. it is more >> important that you have divert sockets support than IPFW. >> In fact, you could write an app that sends packets from the BPF >> (or the like) to a divert socket (snort_inline) and bypass IPFW >> all together...although it would defeat the purpose ;-) >> >> So I would take a guess that it won't work. Sorry. >> >> Nick Rogness <ni...@ro...> >> - >> How many people here have telekenetic powers? Raise my hand. >> -Emo Philips >> > > > --- > Outgoing mail is certified Virus Free. > Checked by AVG anti-virus system (http://www.grisoft.com). > Version: 6.0.760 / Virus Database: 509 - Release Date: 9/10/2004 > Nick Rogness <ni...@ro...> - How many people here have telekenetic powers? Raise my hand. -Emo Philips |
