mundrapiyush36 n00b
Joined: 03 Jul 2007 Posts: 4
Posted: Wed Jul 04, 2007 8:50 am Post subject: Snort Inline Help required
I am working on Redhat. To make use of the packet dropping and rejecting facility I installed Snort_Inline. Snort inline makes use of the following:
iptables
Libnet-1.0.2a-FC2-Fixed
pcre-7.2
snort_inline-1.9.1
The installation process went fine without any failure. I have installed snort_inline for the packet dropping facility. For that purpose I need to write rules in the snort.conf file in the Snort_Inline/etc/snort.conf file.
There I wrote a very basic rule:
drop tcp any any -> any any ("Dropped Packet"
This should cause all traffic coming to my system to be dropped and correspondingly log the alert to a default alert file.
But when I try to run Snort_Inline after making the above changes to the snort.conf file, Snort_Inline doesn't work, stating:
Unknown Rule Type: Drop.
This is further clarified by the fact that when in the snort.conf file we write any rule like "alert" "drop", then, being keywords, these words become "yellowish". As against them, the "drop" keyword is not becoming the same, which means the .conf file is not able to recognize it as a command.
Kindly tell me where things are going wrong. It's really important. Is there any other way to configure Snort itself for dropping packets? I am also running Snort-2.6.1.4 and I tried to configure it using
./configure --enable_Inline
configure, make and make install run fine, but later on when I insert the drop rule it gives the same problem as above.
Thanks in advance.
desultory Bodhisattva
Joined: 04 Nov 2005 Posts: 9410