Security Basics mailing list archives
Re: locking down snort
From: Nelson Santos <nsantos () gmail com>
Date: Sun, 27 Jun 2004 09:46:50 -0300
Hi Jose, IPTables always gets the traffic first so you wouldn't have a problem locking it down. The actual order for incoming packages is: {Checksum --> Sanity --> Routing decision --> Input chain} --> Local processing (Snort and it's friends) --> {Output chain --> Routing decision} All between brackets is done by IPTables and the OS. Packets that are forwarded take a slight different path. Hope that helps, Nelson On Thu, 24 Jun 2004 10:28:43 -0700, Jose Guevarra <jose () iquest ucsb edu> wrote:
Hi, I have some machines running snort. I'd like to restrict ssh/http and other access to them. However, I'm not sure if in doing so, would snort not 'grab' and analyze traffic hitting those ports. I guess I'm asking - if I blocked those ports from the outside world would I still detect say a port scan on those ports? - Who captures the packets first: Firewall(IPTABLES) or SNORT? Thanks, --------------------------------------------------------------------------- Ethical Hacking at the InfoSec Institute. Mention this ad and get $545 off any course! All of our class sizes are guaranteed to be 10 students or less to facilitate one-on-one interaction with one of our expert instructors. Attend a course taught by an expert instructor with years of in-the-field pen testing experience in our state of the art hacking lab. Master the skills of an Ethical Hacker to better assess the security of your organization. Visit us at: http://www.infosecinstitute.com/courses/ethical_hacking_training.html ----------------------------------------------------------------------------
--------------------------------------------------------------------------- Ethical Hacking at the InfoSec Institute. Mention this ad and get $545 off any course! All of our class sizes are guaranteed to be 10 students or less to facilitate one-on-one interaction with one of our expert instructors. Attend a course taught by an expert instructor with years of in-the-field pen testing experience in our state of the art hacking lab. Master the skills of an Ethical Hacker to better assess the security of your organization. Visit us at: http://www.infosecinstitute.com/courses/ethical_hacking_training.html ----------------------------------------------------------------------------
Current thread:
- locking down snort Jose Guevarra (Jun 25)
- Re: locking down snort Nasir Ghaznavi (Jun 28)
- Re: locking down snort Nelson Santos (Jun 28)
- <Possible follow-ups>
- Locking down Snort Carey Myers (Jun 28)
- Re: Locking down Snort Nelson Santos (Jun 29)
- RE: locking down snort Andrew Shore (Jun 28)