From: Sandro P. <se...@gm...> - 2003-09-08 05:42:29
Attachments:
queue-up.sh
|
I adopted rc.firewall (which allows everything in but limits everything out) to allow everything in AND out except what snort-inline has to block (this is ok for my intended setup to only block sessions belonging to worms e.g. but leaving legal traffic on the same port untouched).

BTW: I used the ebtables patch (it also includes bridge-nf, see ebtables.sourceforge.net) for 2.4.21 (used original of kernel.org)

HTH,
Sandro

> Hi guys,
>
> I searched high and low, googled, etc. and have not found an answer that
> explains the situation I'm having.
>
> I built a Debian testing box, kernel 2.4.21 (vanilla) with the bridge-nf
> patch, snort-inline 2.0.1. The box is in bridge mode and I have iptables
> rules that QUEUE all the traffic I'm interested in. The issue I'm having is
> that snort-inline never lets the traffic pass. I've even put in pass rules
> for each of the protocols (ip, tcp, udp, icmp). It did take a while to
> realize that you can't run snort-inline as snort and have the libipq work.
>
> If I don't QUEUE the traffic then everything flows through the bridge and my
> other firewall rules work correctly. It's just when I start QUEUEing and run
> snort-inline. I've used the honeynet config files as a template for
> snort.conf but used the regular snort-inline rules.
>
> What happens to a packet that snort-inline doesn't trigger on (drop, reject,
> etc.)? Do I have to have anything extra in my firewall rules other than the
> -j QUEUE rule?
>
> Suggestions, feedback, etc. most welcome.
>
> Thanks,
>
> --
> James A. Pattie
> ja...@pc...
>
> Linux -- SysAdmin / Programmer
> Xperience, Inc.
> http://www.pcxperience.com/
> http://www.xperienceinc.com/
>
> GPG Key Available at http://www.pcxperience.com/gpgkeys/james.html
|
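The setup discussed in the message above, as an added example that is not part of the thread and is not the attached queue-up.sh: a dry-run ruleset that accepts everything and hands bridged traffic to snort-inline, plus a preflight check for two conditions under which QUEUEd packets never come back (the kernel drops queued packets when no program is reading the queue). The function names, the module-list argument and the sample inputs are constructed for illustration; it assumes `ip_queue` is built as a module.

```shell
#!/bin/sh
# Added example, not the attached queue-up.sh. Assumes kernel 2.4 with
# bridge-nf (bridged frames traverse FORWARD) and ip_queue built as a module.

# Print, without applying, an accept-everything ruleset that hands bridged
# traffic to snort-inline. Review the output, then pipe it to sh as root.
emit_rules() {
    cat <<'EOF'
modprobe ip_queue
iptables -F
iptables -P INPUT ACCEPT
iptables -P OUTPUT ACCEPT
iptables -P FORWARD ACCEPT
iptables -A FORWARD -j QUEUE
EOF
}

# Report why QUEUEd traffic would stall.
#   $1 = contents of /proc/modules
#   $2 = user snort_inline runs as, empty if it is not running
# Prints one finding per line and returns 0 only when there are none.
preflight() {
    rc=0
    if ! printf '%s\n' "$1" | grep -q '^ip_queue[[:space:]]'; then
        echo "ip_queue not loaded: nothing can read the queue"
        rc=1
    fi
    case "$2" in
        "")   echo "snort_inline not running: queued packets are dropped"; rc=1 ;;
        root) ;;
        *)    echo "snort_inline runs as '$2': the thread reports libipq fails for non-root"; rc=1 ;;
    esac
    return "$rc"
}

# Dry run on constructed inputs: module list with ip_queue, daemon as "snort".
emit_rules
preflight "ip_queue 5912 1
bridge 20000 0" snort || echo "fix the findings above before adding the QUEUE rule"
```

On a live box the two arguments would come from `cat /proc/modules` and from the process list entry for snort_inline.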
From: Matt J. <jo...@jo...> - 2007-12-27 01:54:29
|
--
--------------------------------------------
Matthew Jonkman
Emerging Threats
US Phone 765-429-0398
US Fax 312-264-0205
AUS Fax 61-29-4750-026
http://www.emergingthreats.net
--------------------------------------------

PGP: http://www.jonkmans.com/mattjonkman.asc
|
From: Will M. <wil...@gm...> - 2007-12-27 04:41:29
|
hi?

On Dec 26, 2007 7:56 PM, Matt Jonkman <jo...@jo...> wrote:
>
> --
> --------------------------------------------
> Matthew Jonkman
> Emerging Threats
> US Phone 765-429-0398
> US Fax 312-264-0205
> AUS Fax 61-29-4750-026
> http://www.emergingthreats.net
> --------------------------------------------
>
> PGP: http://www.jonkmans.com/mattjonkman.asc
>
> -------------------------------------------------------------------------
> This SF.net email is sponsored by: Microsoft
> Defy all challenges. Microsoft(R) Visual Studio 2005.
> http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/
> _______________________________________________
> Snort-inline-users mailing list
> Sno...@li...
> https://lists.sourceforge.net/lists/listinfo/snort-inline-users
|
From: Matt J. <jo...@jo...> - 2007-12-27 14:00:09
|
Hey.

I had intended to subscribe, but turns out I already was. :)

So anyway, how's everybody? Have a good xmas? :)

Matt

Will Metcalf wrote:
> hi?

--
--------------------------------------------
Matthew Jonkman
Emerging Threats
US Phone 765-429-0398
US Fax 312-264-0205
AUS Fax 61-29-4750-026
http://www.emergingthreats.net
--------------------------------------------

PGP: http://www.jonkmans.com/mattjonkman.asc
|
From: Will M. <wil...@gm...> - 2007-12-27 14:58:14
|
Yeah that is the beauty of a low traffic list ;-) sorry for the spam.... snort_inline-2.8.0.1 is in the works... ;-)

http://www.inliniac.net/blog/2007/12/22/working-on-snort_inline-2801.html

On Dec 27, 2007 8:20 AM, Joel Esler <joe...@ma...> wrote:
> You guys know you are responding to all right?
>
> --
> Joel Esler
> joe...@ma...
> http://www.joelesler.net
>
> On Dec 27, 2007, at 8:58 AM, Matt Jonkman wrote:
>
> > Hey.
> >
> > I had intended to subscribe, but turns out I already was. :)
> >
> > So anyway, how's everybody? Have a good xmas? :)
> >
> > Matt
> >
> > Will Metcalf wrote:
> >> hi?
|
From: Matt J. <jo...@jo...> - 2007-12-27 15:04:35
|
Ya, what's it to you? :)

Matt

Joel Esler wrote:
> You guys know you are responding to all right?
>
> --
> Joel Esler
> joe...@ma...
> http://www.joelesler.net
>
> On Dec 27, 2007, at 8:58 AM, Matt Jonkman wrote:
>
>> Hey.
>>
>> I had intended to subscribe, but turns out I already was. :)
>>
>> So anyway, how's everybody? Have a good xmas? :)
>>
>> Matt
>>
>> Will Metcalf wrote:
>>> hi?

--
--------------------------------------------
Matthew Jonkman
Emerging Threats
US Phone 765-429-0398
US Fax 312-264-0205
AUS Fax 61-29-4750-026
http://www.emergingthreats.net
--------------------------------------------

PGP: http://www.jonkmans.com/mattjonkman.asc
|