From: Richard C. <ric...@gm...> - 2005-11-09 04:22:19
Ok, so that's the answer? Sourcefire uses an older version of snort_inline which is developed by William Metcalf and others for their "SC best buy" IPS. I'm running a newer version of snort-inline and it was free. I'd say that's the real "best buy" :)

It occurs to me that it would be very convenient for folks out there to have a live cd or an install cd that would have the OS, snort-inline, iptables, clamav, base, ntop, etc preconfigured so users could just download the cd, install it on a box w/ 3 ethernet interfaces and PRESTO! you have an IPS.

Maybe the honeywall cd could be modified? It has pretty much everything listed. Any comments?

On 11/7/05, Nick Rogness <ni...@ro...> wrote:
>
>
> > I am not subscribed to the list from this address so please copy me on
> > any replies.
> >
> > Nick Rogness wrote:
> >>>Sourcefire maintains and uses the inline capabilities of snort proper
> >>>
> >>>EG:
> >>>
> >>>$ wget http://www.snort.org/dl/current/snort-2.4.3.tar.gz
> >>>$ tar -xvzf snort-2.4.3.tar.gz
> >>>$ cd snort-2.4.3
> >>>$ ./configure --enable-inline && make && make install
> >>>
> >>
> >>
> >> I would be very surprised if SourceFire is using snort_inline for
> >> their production branch. More likely, it is a modified version of
> >> snort+flexresponse. Is anyone at SourceFire on this list that could
> >> comment?
> >
> > Sourcefire does not use snort-inline or a modified version of
> > snort+flexresp, we maintain and use the inline capabilities of snort
> > proper.
> >
> > The same capabilities are available in Snort from
> > http://www.snort.org/dl and can be enabled by fetching the latest
> > sources and enabling inline mode by doing ./configure --enable-inline
> > during the build process.
> >
>
> Ummm, that IS snort_inline then (an older version patch). I'll be
> damned...
>
>
> Nick Rogness <ni...@ro...>
>
>

--
Thanks,
Rich Compton