Snort Inline Patch

The Snort Inline patch exists as both a separate application, named Hogwash, and a patched version of Snort. The Hogwash code has been merged into the Snort source tree, where it can take advantage of the considerable accomplishments of the Snort application. The Snort Inline patch can use Snort's packet decoding and reassembly features, such as the stream preprocessors, which makes it a more effective and complete intrusion prevention system.

The Snort Inline patch makes use of the familiar iptables and ip_queue for packet acquisition and forwarding. You could use iptables to create a firewall on the same machine that the Snort Inline patch lives on. Hogwash has its own native code for packet forwarding and acquisition, making it more ...
