4. Snort time from detection to block

Snort time from detection to block

  • D
    Banned

    The Snort time from detection to block is not helping me. Is there a way to inspect the packet and then pass it only if it passes the snort rule? I use snort only for one port on my email server, so a delay in the packets is no big deal, but the packets getting through are. Snort is only effective for the next time a bad IP comes in.

    Any suggestions?

    0
  • F

    Instead of a DROP rule, create one with PASS with Suricata inline.

    pfsense doesnt support snort inline yet, maybe when version 3  comes out.

    F.

    0
  • P

    maybe write your own custom Snort Rules: custom.rules?

    http://archive.oreilly.com/pub/h/1393

    0
  • D
    Banned

    So I can do this with Suricata?
    Is there a FAQ somewhere to explain using inline. I assume using this allows Suricata to review and drop the packet before it can be delivered.

    I already write my own custom rules. I was hoping there were some commands I could use. I understand the snort rules are compatible with Suricata too.

    0
  • D
    Banned

    Reading up on Suricata looks like the answer to my needs now that the inline option is available.
    Thanks

    0
Log in to reply
 

Products

Services

Support

News

Resources

Company

Our Mission

We provide leading-edge network security at a fair price - regardless of organizational size or network sophistication. We believe that an open-source security model offers disruptive pricing along with the agility required to quickly address emerging threats.

Subscribe to our Newsletter

Product information, software announcements, and special offers. See our newsletter archive for past announcements.

© Copyright 2002 - 2019 Rubicon Communications, LLC | Privacy Policy