Hello Alfredo,
Thank you for the timely reply. I am able to drop the packets using the DAQ
module (NFQ) with Snort IPS. For example, if I want to block/drop traffic
to a site (facebook, youtube, etc.) I am able to do it with the DAQ (NFQ)
module. Now, is there any possibility to drop packets with pf_ring along
with Snort IPS?

lspci | grep Eth
01:00.0 Ethernet controller: Intel Corporation 82571EB Gigabit Ethernet Controller (rev 06)
01:00.1 Ethernet controller: Intel Corporation 82571EB Gigabit Ethernet Controller (rev 06)
02:00.0 Ethernet controller: Intel Corporation 82571EB Gigabit Ethernet Controller (rev 06)
02:00.1 Ethernet controller: Intel Corporation 82571EB Gigabit Ethernet Controller (rev 06)
04:00.0 Ethernet controller: Qualcomm Atheros Killer E2200 Gigabit Ethernet Controller (rev 13)
(I am not using this last Ethernet Controller)

On Wed, Sep 23, 2015 at 1:33 PM, Alfredo Cardigliano <[email protected]>
wrote:
>
> On 23 Sep 2015, at 06:54, Evani Sitaram <[email protected]> wrote:
>
> Hi,
> I am Evani Ram. I am working on my final year project and I am new to
> pf_ring and Snort. I have a couple of queries regarding pf_ring.
>
> 1) Firstly, is it possible to drop packets using pf_ring? If yes, how do I
> configure pf_ring in order to drop packets? (alert is working in pf_ring)
>
> I am using this command to drop the packets, but it only captures the
> packets and logs them. I am using a pf_ring aware driver.
>
> Command :
> /snort/bin/snort -Q -c /snort/etc/snort.conf -d --treat-drop-as-alert
> --daq pfring --daq-dir /pfring/lib/daq -l /logs -i eth0:eth1 &
>
>
> Do you mean you want to use it inline, dropping packets? You just need to
> run snort in IPS mode using our DAQ module, please take a look at the README.
>
> 2) Secondly, what hardware architecture is supported for using pf_ring,
> and can you suggest the minimum required configuration for dropping packets?
>
>
> With standard drivers you can use any NIC, almost all Intel NICs are also
> supported in Zero-Copy mode for line-rate.
>
> (I am using an *Intel PRO/1000 PT DUAL PORT* NIC card for traffic
> flow)
>
>
> Can I see "lspci | grep Eth"?
>
> Regards
> Alfredo
>
>
> Thanks And Regards,
> Evani Ram.
> _______________________________________________
> Ntop-misc mailing list
> [email protected]
> http://listgateway.unipi.it/mailman/listinfo/ntop-misc