Snort mailing list archives

Re: snort behind firewall ??

From: "Andre Goeree" <abgoeree () uwnet nl>
Date: Tue, 1 May 2001 09:10:28 +0200

On Mon, Apr 30, 2001 at 11:12:43AM -0700, Josh Oshiro wrote:


It is up in the air right now wether or not snort can see packets before
the firewall drop them. It seems  it is system dependant. I would like
to take a poll of who can snort through there firewall and who can't.
We'll need to know what kernal you are using, how it's configured, what
firewall your using, how it's configures, and what os your using.


Hello,

I'm snorting through my packet filter on:

OS: FreeBSD 4.3-STABLE #0: Thu Apr 26 22:51:58 CEST 2001
    kernel options:
           IPFILTER
           IPFILTER_LOG

FW: IP Filter: v3.4.16
    FW config:
       only connections to outside are permitted (stateful)
       anything coming in is blocked

Snort is listening on the outside device: tun0 (user ppp)

So far i have successfully picked up portscans while testing the
firewall. 

--Andre.

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
http://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

Current thread:

Re: snort behind firewall ?? ./ (Apr 29)
- <Possible follow-ups>
- Re: snort behind firewall ?? ./ (Apr 29)
  - Re: snort behind firewall ?? Dan Hollis (Apr 29)
  - Re: snort behind firewall ?? Josh Oshiro (Apr 30)
    - RE: snort behind firewall ?? Jason Lewis (Apr 30)
    - Re: snort behind firewall ?? Andre Goeree (May 01)
    - Re: snort behind firewall ?? Security (May 01)
    - RE: snort behind firewall ?? Martijn Heemels (May 01)
- RE: snort behind firewall ?? Jason Opperisano (May 01)
- RE: snort behind firewall ?? Hawrylkiw, Dan G (May 02)
  - Sound Alerting Preprocessor Andrea Barisani (May 02)