Snort mailing list archives

Previous By Date Next
Previous By Thread Next

Re: snort behind firewall ??

From: "./" <dotslash () linif org>
Date: Sun, 29 Apr 2001 12:31:09 +0400
What I've done is to run two instances of snort on the box. One listens on
the outside xl0 interface, the other listens on xl1. That way I see what's
coming in. Snort does see things in the tcp stream, but I've never been

able

to determine if its seeing things that are blocked by the firewall. It
definitely sees port scans, which tells me it probably does, but I like to

be

absolutely positive.



Rob


still the question remains as to how to protect the snort box.  i too have
also verified that portscans are being seen by snort even with a firewall.
i'm just wondering why the binary-log-file doesn't contain anything during
the time when i was running the snort attack scripts.


_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
http://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
Previous By Date Next
Previous By Thread Next

Current thread: