From: Piyush_Mundra <Piy...@sa...> - 2007-07-11 15:49:10
Hello everybody,

I am working on Red Hat. To make use of the packet dropping and rejecting facility I installed Snort_Inline. Snort inline makes use of:

iptables
Libnet-1.0.2a-FC2-Fixed
pcre-7.2
snort_inline-1.9.1

The installation process went fine without any failure. I have installed snort_inline for the packet dropping facility. For that purpose I need to write rules in the snort.conf file in the Snort_Inline/etc/snort.conf file.

There I wrote a very basic rule:

    drop tcp any any -> any any (msg: "Dropped Packet"; sid: 1000001;)

This should cause all traffic coming to my system to be dropped and correspondingly log the alert to a default alert file.

But when I try to run Snort_Inline after making the above changes to the snort.conf file, Snort_Inline doesn't work, stating:

    Unknown Rule Type: Drop.

This gets further clarified by the fact that when in the snort.conf file we write any rule like "alert" "drop", then being keywords these words become "Yellowish". As against them, the "drop" keyword is not becoming the same, which means the .conf file is not able to recognize it as a command.

Kindly tell me where things are going wrong. It's really important. Is there any other way to configure Snort itself for dropping packets? I am running Snort-2.6.1.4 also and I tried to configure it using

    ./configure --enable_Inline

configure and make and make install are running fine, but later on when I insert the drop rule it is giving the same problem as above.

Thanks in advance.

Regards
Piyush