O'Reilly logo

Intrusion Detection with Snort by Jack Koziol

Stay ahead with the world's most comprehensive technology and business learning platform.

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, tutorials, and more.

Start Free Trial

No credit card required

Snort Inline Patch

The Snort Inline patch exists as both a separate application, named Hogwash, and a patched version of Snort. Hogwash code has merged into the Snort source tree, where it can take advantage of the considerable accomplishments of the Snort application. The Snort Inline patch can make use of Snort's packet decoding and reassembly features, such as the stream preprocessors, to be a more effective and complete intrusion prevention system.

The Snort Inline patch makes use of the familiar iptables and ip_queue for packet acquisition and forwarding. You could use iptables to create a firewall on the same machine that the Snort Inline patch lives on. Hogwash has its own native code for packet forwarding and acquisition, making it more ...

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, interactive tutorials, and more.

Start Free Trial

No credit card required