
| Subject: | [Snort-users] Need help in interpreting some Docs |
|---|---|
| Date: | Wed, 25 Oct 2006 11:47:52 -0700 |
Hi,

I'm posting this to both OpenBSD and Snort mailing lists. In reading through the snort documentation, in section 1.5 (Inline mode), they state the following...

"In order for Snort Inline to work properly, Download and compile the iptables code to include "make install-devel". (http://www.iptables.org)

Would I do the "make install-devel" from within the Snort's Source build system, or the iptables build system?

This will install the libipq library that allows snort Inline to interface with iptables. Also, you must build and install LibNet, which is available from www.packetfactory.net.

Ok, all fine and well, but I'm using snort on an OpenBSD platform, which uses PF instead of iptables... I'm assuming that iptables is only for Linux, or does OpenBSD also use iptables? I didn't see any mention of it in either OpenBSD docs or Snort docs other than this, and as far as I can remember, iptables is used primarily with Linux, is that right?

Would I follow the same installation procedures? Or would I ditch this effort altogether and write it off as something OpenBSD is not set up to do, or is there an alternative I can use with Snort?

I haven't looked at Snort since 2003, and from reading the new docs, a lot of new features have been added, some of which I haven't come across yet. I'm basically setting up snort that if it sees a Priority one attack it executes a script or Binary file, well, actually it will instantiate a thread that does this in whatever scripting language I choose (Python) in my case.

I haven't read ALL the new stuff yet, but am ready to install any additional utilities, like Barnyard, which I already have running.

Is it possible to use Snort in normal NIDS mode, then when I get a higher priority attack, to switch to Inline mode? How fast can Snort switch from one mode to another?

Also, is it possible to use Snort to "look at" a binary file and display contents via the ./snort -dvr option while snort is running?

Thanx
John
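
The alert-driven setup described in the message above (a thread started for each Priority 1 alert), shown as an added example that is not part of the original post or of Snort itself. It assumes Snort is writing alerts in its one-line "fast" alert format; the sample lines, function names and handler are constructed for illustration.

```python
import re
import threading

# One Snort "fast" alert line: timestamp, [**] [gid:sid:rev] message [**],
# optional classification, priority, protocol, source -> destination.
ALERT_RE = re.compile(
    r"^(?P<ts>\S+)\s+\[\*\*\]\s+\[(?P<gid>\d+):(?P<sid>\d+):(?P<rev>\d+)\]\s+"
    r"(?P<msg>.*?)\s+\[\*\*\]\s+"
    r"(?:\[Classification:\s*(?P<cls>[^\]]*)\]\s+)?"
    r"\[Priority:\s*(?P<prio>\d+)\]\s+"
    r"\{(?P<proto>[^}]+)\}\s+(?P<src>\S+)\s+->\s+(?P<dst>\S+)\s*$"
)

def parse_alert(line):
    """Return the alert fields as a dict, or None if the line is not an alert."""
    m = ALERT_RE.match(line.strip())
    if not m:
        return None
    alert = m.groupdict()
    alert["prio"] = int(alert["prio"])
    return alert

def dispatch(lines, handler, max_priority=1):
    """Start one thread per alert whose priority is <= max_priority.

    Priority 1 is the most severe, so lower numbers pass the filter.
    `handler` is a hypothetical callback that receives the parsed alert.
    Returns the number of handlers started.
    """
    threads = []
    for line in lines:
        alert = parse_alert(line)
        if alert is None or alert["prio"] > max_priority:
            continue  # unparseable line or lower-severity alert: ignore
        t = threading.Thread(target=handler, args=(alert,))
        t.start()
        threads.append(t)
    for t in threads:
        t.join()
    return len(threads)

# Constructed sample input (documentation address ranges, made-up SIDs).
SAMPLE = [
    "10/25-11:47:52.000001  [**] [1:1000001:1] CONSTRUCTED admin attempt [**] [Classification: Attempted Administrator Privilege Gain] [Priority: 1] {TCP} 192.0.2.10:4431 -> 198.51.100.5:80",
    "10/25-11:47:53.000002  [**] [1:1000002:1] CONSTRUCTED scan [**] [Classification: Attempted Information Leak] [Priority: 2] {TCP} 192.0.2.11:4432 -> 198.51.100.5:22",
    "10/25-11:47:54.000003  [**] [1:1000003:1] CONSTRUCTED ping [**] [Priority: 3] {ICMP} 192.0.2.12 -> 198.51.100.5",
    "this line is not an alert",
]
```
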