News : LinuxSolved.com Linux Help Community Forum..


Author Topic: snort_inline problem,help me plzz  (Read 5836 times)

gauravbajaj

snort_inline problem,help me plzz
« on: June 16, 2005, 04:03:37 AM »
Hello Group,

I am having a problem with snort_inline (IPS); maybe one of you knows it.

I am currently working on snort_inline but am not able to configure it. I don't know what the mistake is. Maybe you can help me.

I have 2 NICs in my system and it is running in bridge mode; both NICs are running in promiscuous mode.

The 1st NIC is connected to our network, i.e. it is connected to the internet through another proxy server, whereas my 2nd NIC is connected to the other computer using a cross cable.

I gave the following command on my system having 2 NICs, as discussed above:

# iptables -A OUTPUT -p tcp -j QUEUE

Now I am running snort_inline like this:
# snort_inline -Qc tcp.rules

where tcp.rules is a rule file in which I made an entry as:
drop tcp any any -> any any ( msg : "DROPING PACKETS")

Now it is getting packets from the iptables QUEUE, but I can still open any website from my other computer, i.e. the one connected to my system with the cross cable (as discussed above). In the rule I am defining that these packets be dropped, but it still opens. How?

So what is the mistake here? Please help me. I will be very grateful to you.

Thanks in advance.

Gaurav