Hi Evani,
as I said, just use our DAQ in IPS mode.

Alfredo

> On 23 Sep 2015, at 12:01, Evani Sitaram <[email protected]> wrote:
>
> Hello Alfredo,
> Thank you for the timely reply. I am able to drop the packets using the DAQ
> module (NFQ) with Snort IPS. For example, if I want to block/drop traffic
> to a site (Facebook, YouTube, etc.) I am able to do it with the DAQ (NFQ)
> module. Now, is there any possibility to drop packets with pf_ring along
> with Snort IPS?
>
> lspci | grep Eth
>
> 01:00.0 Ethernet controller: Intel Corporation 82571EB Gigabit Ethernet Controller (rev 06)
> 01:00.1 Ethernet controller: Intel Corporation 82571EB Gigabit Ethernet Controller (rev 06)
> 02:00.0 Ethernet controller: Intel Corporation 82571EB Gigabit Ethernet Controller (rev 06)
> 02:00.1 Ethernet controller: Intel Corporation 82571EB Gigabit Ethernet Controller (rev 06)
> 04:00.0 Ethernet controller: Qualcomm Atheros Killer E2200 Gigabit Ethernet Controller (rev 13)
> (I am not using this last Ethernet controller)
>
> On Wed, Sep 23, 2015 at 1:33 PM, Alfredo Cardigliano <[email protected]> wrote:
>
>> On 23 Sep 2015, at 06:54, Evani Sitaram <[email protected]> wrote:
>>
>> Hi,
>> I am Evani Ram, I am working for my final year project and I am new to
>> pf_ring and Snort. I have a couple of queries regarding pf_ring.
>>
>> 1) Firstly, is it possible to drop packets using pf_ring? If yes, how to
>> configure pf_ring in order to drop packets? (alert is working in pf_ring)
>>
>> I am using this command to drop the packets but it only captures the
>> packets and logs them. I am using a pf_ring aware driver.
>>
>> Command:
>> /snort/bin/snort -Q -c /snort/etc/snort.conf -d --treat-drop-as-alert --daq pfring --daq-dir /pfring/lib/daq -l /logs -i eth0:eth1 &
>
> Do you mean you want to use it inline dropping packets? You just need to run
> snort in IPS mode using our DAQ module, please take a look at the README
>
>> 2) Secondly, what is the hardware architecture supported for using pf_ring
>> and can you suggest the minimum required configuration for dropping packets?
>
> With standard drivers you can use any NIC, almost all Intel NICs are also
> supported in Zero-Copy mode for line-rate.
>
>> (I am using an Intel PRO/1000 PT Dual Port NIC card for traffic flow)
>
> Can I see "lspci | grep Eth"?
>
> Regards
> Alfredo
>
>>
>> Thanks and Regards,
>> Evani Ram.
>> _______________________________________________
>> Ntop-misc mailing list
>> [email protected]
>> http://listgateway.unipi.it/mailman/listinfo/ntop-misc
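
A pre-flight check for the command quoted in this thread, as an added example that is not part of the thread or of the PF_RING README: a shell function that flags Snort 2.9.x command-line options that keep an inline PF_RING DAQ setup from dropping. The function name and finding labels are hypothetical, and the `ethX:ethY` pair check is an assumption taken from the `-i eth0:eth1` form used above.

```shell
#!/bin/sh
# Added example: lint a Snort 2.9.x command line for options that keep an
# inline PF_RING DAQ deployment from dropping. Prints one finding per line;
# returns 0 when clean, 1 otherwise.
lint_snort_inline() {
    inline=no; downgraded=no; daq=""; mode=""; iface=""; prev=""
    for arg in "$@"; do
        case "$prev" in              # value of a two-word option
            --daq)      daq=$arg ;;
            --daq-mode) mode=$arg ;;
            -i)         iface=$arg ;;
        esac
        case "$arg" in
            -Q)                    inline=yes ;;
            --treat-drop-as-alert) downgraded=yes ;;
            --daq=*)               daq=${arg#--daq=} ;;
            --daq-mode=*)          mode=${arg#--daq-mode=} ;;
        esac
        prev=$arg
    done
    if [ "$mode" = inline ]; then inline=yes; fi
    rc=0
    if [ "$downgraded" = yes ]; then
        # Snort converts drop, sdrop and reject rules to alert at startup.
        echo "drop-downgraded: --treat-drop-as-alert loads drop/sdrop/reject rules as alert rules"
        rc=1
    fi
    if [ "$inline" = no ]; then
        echo "not-inline: neither -Q nor --daq-mode inline is present"
        rc=1
    fi
    if [ "$daq" != pfring ]; then
        echo "wrong-daq: --daq is '${daq:-unset}', expected pfring"
        rc=1
    fi
    case "$iface" in
        *:*) ;;                      # ethX:ethY pair, as in the thread (assumption)
        *)  echo "single-interface: -i '${iface:-unset}' is not an ethX:ethY pair"
            rc=1 ;;
    esac
    return "$rc"
}

# The command quoted in the thread, passed here as an argument list.
lint_snort_inline /snort/bin/snort -Q -c /snort/etc/snort.conf -d \
    --treat-drop-as-alert --daq pfring --daq-dir /pfring/lib/daq \
    -l /logs -i eth0:eth1 || true
```

The check covers the command line only; the rules loaded from `snort.conf` still need a `drop` action for anything to be blocked.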
