From: Tony C. <tc...@en...> - 2004-10-29 21:02:00
On Thursday 28 October 2004 23:18, Will Metcalf wrote:
> Pawel,
>
> Off the top of my head I would say go with snort_inline-2.2.0 and
> snort-2.2.0, we actually added mysql support into 2.1.3 but added
> proper state tracking via stream4 and iptables marks in 2.2.0 (see
> doc/README.INLINE). As far as the preprocs go look at the default
> snort_inline.conf it should give you a good base config to start off
> with. Don't really know any great articles on the subject of preprocs
> and rule language, but I would suggest that you take a look at the
> snort users manual http://www.snort.org/docs/snort_manual/ or pick up
> a copy of the Syngress book SNORT 2.1 Intrusion Detection. Hope this
> helps.....
>
> Completely off topic, would anybody like to see an ssl-decryption
> preproc? Obviously you would only be able to decrypt traffic bound to
> servers for which you possess the private keys, in addition we would
> need to figure out some way to securely store these keys in escrow. Just
> a thought Victor Julien and I have been kicking around.
>
> Regards,
>
> Will
>
> On Thu, 28 Oct 2004 19:27:33 -0500, Pawel Czarnota <pc...@ui...> wrote:
> > Hey all,
> > I am trying to decide which version of snort_inline to use on a
> > Honeywall. I need something that will work with Open Wall Linux and that
> > has all major bugs fixed (needs to be very secure). It also should have
> > mysql support. The Honeywall will act as a bridge. Which version would be
> > recommended? Also, which pre-processors should be enabled for use on an
> > actual Honeywall (At this point none of our members know anything about
> > the pre-processors and little about rules)? If someone can point me to
> > good online articles about these I'd appreciate it. Finally, should I
> > install the same version of snort that snort_inline will be, or are there
> > any advantages of using different versions for each one?
> > Thanks
> >
> > Pawel Czarnota
> > ACM Honeynet Project Leader
> > http://cs.uic.edu/~pczarno1
> > University of Illinois at Chicago

Hey, count me in on this. I started on the SSL decryption a while ago but
did not have the time to finish.

-Tony