TOTAL
Since dec 2006
1'942'871 Visitors
4'218'042 Pages

Nov 2010 Stats
82'909 Visitors
146'476 Pages
196 countries
Full statistics



Help us translate
our tutorials!

JOIN the
OpenManiak Team.
OM TEAM
Director:
Blaise Carrera
Tutorials creation:
Blaise Carrera
Translaters:
Giovanni Fredducci
Angel Chraniotis
Moham. H. Karvan
Alexandro Silva
Blaise Carrera
Andrei Chertolyas
Sergiy Uvarov
Nickola Kolev
Łukasz Nowatkowski
Ivo Raisr
Catalin Bivolaru
Bogdan A. Costea
Kirill Simonov
Oliver Mucafir
JaeYoung Jeon
Seungyoon Lee
Jie Yu & Si Cheng
Tao Wei
YukiAlex
Fumihito Yoshida
Muhammad Takdir
Çağdaş Tülek
Auditors
Leslie Luthi
Joe Anderson
Jennifer Ockwell
Nigel Titley
Alison Rees
Sabrina Barbey
Webmaster:
Blaise Carrera
SNORT_INLINE - The Easy Tutorial - Introduction

Snort_Inline Introduction
Last Change : Jan 30 2008 french flagenglish flag


Tool
Install
Ergonomy
Forum



Details What is Snort_Inline?
Screenshots
Prerequisites
Installation
Oinkmaster - Snort Rules
Oinkmaster - Bleeding Rules
Run Snort_Inline
BASE
Bridging




If you like our tutorials, don't hesitate to support us and visit our sponsors!
Si vous aimez nos tutoriaux, n'hésitez pas à nous supporter et visiter nos sponsors!


Snort_Inline
BASE
Oinkmaster
Bleeding rules


The Snort_inline IPS is a modified version of the famous Snort IDS.
It receives packets sent from the Netfilter firewall with the help of the lipipq library, compares them with Snort signature rules and tags them as drop if they match a rule, then finally sends them back to Netfilter where the Snort_Inline tagged packets are dropped.

Get more details about the packet processing through Snort_Inline.

An IDS (Intrusion Detection System) logs an alert when a packet matches a signature rule but does not discard or even modify it. This is different with an IPS (Intrusion Prevention System) where a packet matching a signature rule is blocked or modified.

You must be extremely careful with the "false positive" alarms (packets matching a signature rule but being in fact harmless) on an IPS because this can hurt the good behavior of the communications between your systems by blocking required links for the business.

For our test, we used Snort_Inline 2.4.5a and Ubuntu LTS 6.06. We noticed problems when using Ubuntu 6.10 or snort_inline-2.6.1.2-B1.
Give us your feedback if you tried our tutorial on a Debian Linux.





If you liked our tutorials, don't hesitate to support us and visit our sponsors!
Si vous aimez nos tutoriaux, n'hésitez pas à nous supporter et visiter nos sponsors!