snort-inline-users

[Snort-inline-users] snort -2.3.3 and libnet 1.1.X

[Pieter V. <pv...@ab...>]

Hi,

I've got a question on compiling snort.

Snort 2.3.3 apparently needs libnet version 1.0.x.
However libnet 's current versions are 1.1.x. This is also the version 
of libnet used my server by other programs.

Snort 's configure script however checks explicitly for version 1.0.X.
Is this done on purpose or is it something left behind of an older snort 
version?

Kind regards,
Pieter

--
NEW: aXs GUARD hands-on Trainings v.7.0 
more info at http://www.axsguard.com/indextraining.htm

aXs GUARD has completed security and anti-virus checks on this e-mail
(http://www.axsguard.com)
---------------------------------------------------
Able NV: ond.nr 0457.938.087

Re: [Snort-inline-users] snort -2.3.3 and libnet 1.1.X

[Victor J. <vi...@nk...>]

Pieter Vanmeerbeek wrote:
> Hi,
> 
> I've got a question on compiling snort.
> 
> Snort 2.3.3 apparently needs libnet version 1.0.x.
> However libnet 's current versions are 1.1.x. This is also the version 
> of libnet used my server by other programs.
> 
> Snort 's configure script however checks explicitly for version 1.0.X.
> Is this done on purpose or is it something left behind of an older snort 
> version?
> 

IIRC snort_inline uses libnet 1.0 because snort's flexresp also uses it. 
Both snort and snort_inline are moving to libdnet now, so soon this 
libnet 1.0 stuff should be a thing of the past.

Regards,
Victor

[Snort-inline-users] snort 2.4 and IPS rule set

[Pieter V. <pv...@ab...>]

Hi,

I was wondering if somewhere an IPS rule set exists, i.e. with 
drop/reject actions instead of alert actions?
The only rulesets I can find are IDS or standard snort rulesets.

I also found a snortconverter script (snortconfig) but this script 
doesn't seem to take multiline rules into account an can only set an 
action to a specific other actions instead of something like change all 
alerts to drop rules.

Does anyone now where to find such information?

kind regards,
Pieter
Able
--
NEW: aXs GUARD hands-on Trainings v.7.0 
more info at http://www.axsguard.com/indextraining.htm

aXs GUARD has completed security and anti-virus checks on this e-mail
(http://www.axsguard.com)
---------------------------------------------------
Able NV: ond.nr 0457.938.087

Re: [Snort-inline-users] snort 2.4 and IPS rule set

[Will M. <wil...@gm...>]

use oinkmaster, in your oinkmaster.conf enter the following line....

modifysid * "^alert" | "drop"

execute oinkmaster.pl

Wash... Rinse.... Repeat

Regards,

Will

On 8/1/05, Pieter Vanmeerbeek <pv...@ab...> wrote:
> Hi,
>=20
> I was wondering if somewhere an IPS rule set exists, i.e. with
> drop/reject actions instead of alert actions?
> The only rulesets I can find are IDS or standard snort rulesets.
>=20
> I also found a snortconverter script (snortconfig) but this script
> doesn't seem to take multiline rules into account an can only set an
> action to a specific other actions instead of something like change all
> alerts to drop rules.
>=20
> Does anyone now where to find such information?
>=20
> kind regards,
> Pieter
> Able
> --
> NEW: aXs GUARD hands-on Trainings v.7.0
> more info at http://www.axsguard.com/indextraining.htm
>=20
> aXs GUARD has completed security and anti-virus checks on this e-mail
> (http://www.axsguard.com)
> ---------------------------------------------------
> Able NV: ond.nr 0457.938.087
>=20
>=20
> -------------------------------------------------------
> SF.Net email is sponsored by: Discover Easy Linux Migration Strategies
> from IBM. Find simple to follow Roadmaps, straightforward articles,
> informative Webcasts and more! Get everything you need to get up to
> speed, fast. http://ads.osdn.com/?ad_id=3D7477&alloc_id=3D16492&op=3Dclic=
k
> _______________________________________________
> Snort-inline-users mailing list
> Sno...@li...
> https://lists.sourceforge.net/lists/listinfo/snort-inline-users
>