Snort mailing list archives
Re: snort behind firewall ??
From: "Andre Goeree" <abgoeree () uwnet nl>
Date: Tue, 1 May 2001 09:10:28 +0200
On Mon, Apr 30, 2001 at 11:12:43AM -0700, Josh Oshiro wrote:
It is up in the air right now wether or not snort can see packets before the firewall drop them. It seems it is system dependant. I would like to take a poll of who can snort through there firewall and who can't. We'll need to know what kernal you are using, how it's configured, what firewall your using, how it's configures, and what os your using.
Hello, I'm snorting through my packet filter on: OS: FreeBSD 4.3-STABLE #0: Thu Apr 26 22:51:58 CEST 2001 kernel options: IPFILTER IPFILTER_LOG FW: IP Filter: v3.4.16 FW config: only connections to outside are permitted (stateful) anything coming in is blocked Snort is listening on the outside device: tun0 (user ppp) So far i have successfully picked up portscans while testing the firewall. --Andre. _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: http://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- Re: snort behind firewall ?? ./ (Apr 29)
- <Possible follow-ups>
- Re: snort behind firewall ?? ./ (Apr 29)
- Re: snort behind firewall ?? Dan Hollis (Apr 29)
- Re: snort behind firewall ?? Josh Oshiro (Apr 30)
- RE: snort behind firewall ?? Jason Lewis (Apr 30)
- Re: snort behind firewall ?? Andre Goeree (May 01)
- Re: snort behind firewall ?? Security (May 01)
- RE: snort behind firewall ?? Martijn Heemels (May 01)
- RE: snort behind firewall ?? Jason Opperisano (May 01)
- RE: snort behind firewall ?? Hawrylkiw, Dan G (May 02)
- Sound Alerting Preprocessor Andrea Barisani (May 02)