Snort mailing list archives
Re: snort behind firewall ??
From: "./" <dotslash () linif org>
Date: Sun, 29 Apr 2001 12:31:09 +0400
What I've done is to run two instances of snort on the box. One listens on the outside xl0 interface, the other listens on xl1. That way I see what's coming in. Snort does see things in the tcp stream, but I've never been
able
to determine if its seeing things that are blocked by the firewall. It definitely sees port scans, which tells me it probably does, but I like to
be
absolutely positive.
Rob
still the question remains as to how to protect the snort box. i too have also verified that portscans are being seen by snort even with a firewall. i'm just wondering why the binary-log-file doesn't contain anything during the time when i was running the snort attack scripts. _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: http://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- Re: snort behind firewall ?? ./ (Apr 29)
- <Possible follow-ups>
- Re: snort behind firewall ?? ./ (Apr 29)
- Re: snort behind firewall ?? Dan Hollis (Apr 29)
- Re: snort behind firewall ?? Josh Oshiro (Apr 30)
- RE: snort behind firewall ?? Jason Lewis (Apr 30)
- Re: snort behind firewall ?? Andre Goeree (May 01)
- Re: snort behind firewall ?? Security (May 01)
- RE: snort behind firewall ?? Martijn Heemels (May 01)
- RE: snort behind firewall ?? Jason Opperisano (May 01)
- RE: snort behind firewall ?? Hawrylkiw, Dan G (May 02)
- Sound Alerting Preprocessor Andrea Barisani (May 02)