Gentoo Forums
Gentoo Forums
Gentoo Forums
Quick Search: in
Snort Inline Help required
View unanswered posts
View posts from last 24 hours

 
Reply to topic    Gentoo Forums Forum Index Duplicate Threads
View previous topic :: View next topic  
Author Message
mundrapiyush36
n00b
n00b


Joined: 03 Jul 2007
Posts: 4

PostPosted: Wed Jul 04, 2007 8:50 am    Post subject: Snort Inline Help required Reply with quote

I am working on Redhat. To make use of the packet dropping and rejecting facility i installed the Snort_Inline. Snort inline makes use of the

iptables
Libnet-1.0.2a-FC2-Fixed
pcre-7.2
snort_inline-1.9.1


The installation process went fine without any failure. I have installed snort_inline for the packet dropping facility. For that purpose i need to write rules in the snort.conf file in the Snort_Inline/etc/snort.conf file.

There i wrote a very basic rule:

drop tcp any any -> any any ("Dropped Packet";)

This should cause all traffic coming to my system to be dropped and corresspondingly logging the alert to a default alert file.

But When i try to run Snort_Inline after making above changes to the snort.conf file the Snort_Inline doesn't work stating:

Unknown Rule Type: Drop.

This thing get further clarified by the fact that when in snort.conf file we write any rule like "alert" "drop" then being the keyword these words become "Yellowish". As against them "drop" keyword is not becoming same which means the .Conf file is not able to recognize it as a command.


Kindly tell me where the things are going wrong. Its really important. Is there any other way to configure Snort itself for dropping packet. I am running Snort-2.6.1.4 also and i tried to configure it using

./configure --enable_Inline

configure and make and make install are running fine but later on when i insert the drop rule it is giving the same problem as above.

Thanks in advance.
Back to top
View user's profile Send private message
desultory
Bodhisattva
Bodhisattva


Joined: 04 Nov 2005
Posts: 9410

PostPosted: Thu Jul 05, 2007 12:30 am    Post subject: Reply with quote

Moved from Networking & Security to Duplicate Threads, as it is a duplicate of topic "Snort Inline not able to recognize drop rule." and topic "Snort Inline not recognizing Drop rule" and topic "Snort Inline not recognizing Drop rule".

Do not cross post.
Back to top
View user's profile Send private message
Display posts from previous:   
Reply to topic    Gentoo Forums Forum Index Duplicate Threads All times are GMT
Page 1 of 1

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum