Intrusion Prevention and Active Response: Deploying Network and Host IPS

Snort's flexible response output plugin performs session sniping.
Rules are modified to use the response and react keywords.
The response keyword allows you to send TCP resets or ICMP unreachable messages.
The react keyword blocks access to Web sites and sends a warning to a user's browser.
SnortSam interacts with a variety of open source and commercial routers and firewalls.
SnortSam consists of two parts: an agent that runs on the gateway device and accepts commands, and an output plugin for Snort that sends commands based on triggered rules.
The SnortSam agent is configured using a simple text file called snortsam.conf.
Fwsnort translates Snort signatures into their equivalent IPtables rulesets.
Snort rules can be translated in batch mode or individually by the Snort SID value.
A triggered rule can reset the connection with a TCP RST, answer a UDP attack with an ICMP port unreachable message, or drop the connection without sending a reset.
Fwsnort requires the IPtables string match kernel patch.
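As an added illustration of the translation described above (not fwsnort's own code or output, and not from the original text), the Python example below turns a simple content-only Snort rule into one iptables string-match command with the matching response action. The sample rules, the function names, the FORWARD chain, and the modern `--algo bm` and comment-match syntax are assumptions made for the example.

```python
import re
import shlex

# Constructed sample rules (not from any real ruleset); SIDs use the local range.
SAMPLE_RULES = [
    'alert tcp any any -> any 80 (msg:"EXAMPLE web probe"; content:"/cmd.exe"; sid:1000001;)',
    'alert udp any any -> any 53 (msg:"EXAMPLE dns marker"; content:"badstring"; sid:1000002;)',
]

RULE_RE = re.compile(r'^alert\s+(tcp|udp)\s+\S+\s+\S+\s+->\s+\S+\s+(\d+)\s+\((.*)\)\s*$')

def parse_rule(rule):
    """Return (proto, dport, options) for a simple alert rule with one content."""
    m = RULE_RE.match(rule.strip())
    if not m:
        raise ValueError("unsupported rule header: " + rule)
    proto, dport, body = m.groups()
    opts = dict(re.findall(r'(\w+):\s*"?([^";]+)"?\s*;', body))
    if "content" not in opts or "sid" not in opts:
        raise ValueError("rule needs both content and sid")
    if "|" in opts["content"]:
        # Binary |hex| content would need --hex-string; refuse rather than
        # emit a rule that silently matches the wrong bytes.
        raise ValueError("hex content is not handled in this example")
    return proto, dport, opts

def to_iptables(rule, mode="reset", chain="FORWARD"):
    """Build one iptables command: 'reset' sends RST/ICMP, 'drop' is silent."""
    if mode not in ("reset", "drop"):
        raise ValueError("mode must be 'reset' or 'drop'")
    proto, dport, opts = parse_rule(rule)
    if mode == "drop":
        target = ["-j", "DROP"]
    elif proto == "tcp":
        target = ["-j", "REJECT", "--reject-with", "tcp-reset"]
    else:  # UDP has no reset, so answer with ICMP port unreachable
        target = ["-j", "REJECT", "--reject-with", "icmp-port-unreachable"]
    argv = ["iptables", "-A", chain, "-p", proto, "--dport", dport,
            "-m", "string", "--string", opts["content"], "--algo", "bm",
            "-m", "comment", "--comment", "sid:" + opts["sid"]] + target
    # Quote every argument so rule content cannot break out of the command line.
    return " ".join(shlex.quote(a) for a in argv)

if __name__ == "__main__":
    for r in SAMPLE_RULES:
        print(to_iptables(r))
```

The SID is carried into the rule comment so a firewall hit can be traced back to the originating signature.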
Snort Inline can alter or drop packets in real time as they flow from one network segment to another.
Snort Inline adds the new rule keywords: drop, reject, sdrop, and replace.
Snortconfig allows you to easily update your rules to work with Snort Inline.
Snort Inline is used as part of the Honeynet Project's Honeywall CDROM.
ModSecurity is an Apache Web server module that sits inline between the Web client and server to detect and prevent attacks.
ModSecurity...