Snort on OpenBSD

2009-10-08 Thread Richard Brooks
Hello, I am trying to get some up to date information on how to install and configure Snort on a modern OpenBSD box. At the moment it seems that Snort has only limited functionality for OpenBSD, and in general seems to prefer either Linux or Windows. I have tried downloading and installing various

Snort on openBSD 4.2

2008-01-31 Thread Rami Sik
Hi All, I am planning to use an old hardware for snort with mysql on top of openBSD 4.2. I would appreciate comments/suggestions from anybody using snort on openBSD! Thanks, Rami Sik

Re: Snort on OpenBSD

2009-10-08 Thread Brian Shackelford
Brian -Original Message- From: owner-m...@openbsd.org [mailto:owner-m...@openbsd.org] On Behalf Of Richard Brooks Sent: Thursday, October 08, 2009 7:28 AM To: misc@openbsd.org Subject: Snort on OpenBSD Hello, I am trying to get some up to date information on how to install and configure Sno

Re: Snort on OpenBSD

2009-10-08 Thread Vijay Sankar
Richard Brooks wrote: Hello, I am trying to get some up to date information on how to install and configure Snort on a modern OpenBSD box. At the moment it seems that Snort has only limited functionality for OpenBSD, and in general seems to prefer either Linux or Windows. I have tried downloading

Re: Snort on OpenBSD

2009-10-08 Thread Joachim Schipper
On Thu, Oct 08, 2009 at 12:27:46PM +0100, Richard Brooks wrote:
> Hello, I am trying to get some up to date information on how to install and
> configure Snort on a modern OpenBSD box. At the moment it seems that Snort
> has only limited functionality for OpenBSD, and in general seems to prefer
> e

Re: Snort on OpenBSD

2009-10-08 Thread Brad Tilley
On Thu, Oct 8, 2009 at 7:27 AM, Richard Brooks wrote:
> Hello, I am trying to get some up to date information on how to install and
> configure Snort on a modern OpenBSD box. At the moment it seems that Snort
> has only limited functionality for OpenBSD...
I use snort on Free and OpenBSD. It work

Re: Snort on OpenBSD

2009-10-08 Thread Claudio Jeker
On Thu, Oct 08, 2009 at 11:11:35AM -0400, Brad Tilley wrote:
> On Thu, Oct 8, 2009 at 7:27 AM, Richard Brooks wrote:
> > Hello, I am trying to get some up to date information on how to install and
> > configure Snort on a modern OpenBSD box. At the moment it seems that Snort
> > has only limited f

Re: Snort on OpenBSD

2009-10-08 Thread Brad Tilley
On Thu, Oct 8, 2009 at 10:57 AM, Joachim Schipper wrote:
> There is no support for the "queue packets to userspace" required by
> Snort's IPS mode in any released OpenBSD version...
I have never seen Snort deployed in IPS mode, only IDS mode for monitoring purposes. IMO, too many things break in

Re: Snort on OpenBSD

2009-10-08 Thread Henri Salo
On Thu, 8 Oct 2009 11:46:09 -0400 Brad Tilley wrote:
> On Thu, Oct 8, 2009 at 10:57 AM, Joachim Schipper
> wrote:
>
> > There is no support for the "queue packets to userspace" required by
> > Snort's IPS mode in any released OpenBSD version...
>
> I have never seen Snort deployed in IPS mode,

Re: Snort on OpenBSD

2009-10-08 Thread Kevin Wilcox
2009/10/8 Joachim Schipper:
> What, specifically, fails to work?
>
> OpenBSD has a snort package, I assume that will install without issues.
> Don't you get a working IDS just by installing the port (and updating
> the rules, if so desired)?
What, specifically, are the issues? Not only what fail

Re: Snort on OpenBSD

2009-10-08 Thread Steven Surdock
> -Original Message-
> From: owner-m...@openbsd.org [mailto:owner-m...@openbsd.org] On Behalf Of
> Joachim Schipper
> Sent: Thursday, October 08, 2009 10:58 AM
> To: misc@openbsd.org
> Subject: Re: Snort on OpenBSD
>
> On Thu, Oct 08, 2009 at 12:27:46PM +01

Re: Snort on openBSD 4.2

2008-01-31 Thread Reyk Floeter
On Thu, Jan 31, 2008 at 12:10:57PM -0800, Rami Sik wrote: > Hi All, > > > > I am planning to use an old hardware for snort with mysql on top of > openBSD 4.2. I would appreciate comments/suggestions from anybody using > snort on openBSD! > > what is your question?

Re: Snort on openBSD 4.2

2008-01-31 Thread Joachim Schipper
On Thu, Jan 31, 2008 at 12:10:57PM -0800, Rami Sik wrote:
> Hi All,
>
> I am planning to use an old hardware for snort with mysql on top of
> openBSD 4.2. I would appreciate comments/suggestions from anybody using
> snort on openBSD!
Unless you *really*, *really* know what you

snort on openbsd with PF

2010-02-08 Thread Paolo Supino
Hi When snort on the external interface of an OpenBSD firewall, which scenario will be the one happening:
1. Snort captures all incoming traffic before it reaches PF (there's also NAT on the external interface).
2. Snort captures and analyzes only traffic that the firewall let through on the

Re: snort on openbsd with PF

2010-02-08 Thread Paolo Supino
Hi I apologize for not first RTFMing before asking. Section 4.4 of the Snort FAQ clearly states that scenario 1 is the one that will be ... -- TIA Paolo On 2/8/10 3:18 PM, Paolo Supino wrote: Hi When snort on the external interface of an OpenBSD firewall, which scenario will be the one