Snort mailing list archives
Re: Snort & Firewall
From: Stephen Torri <storri () ameritech net>
Date: Mon, 6 Aug 2001 19:02:30 -0400 (EDT)
On Mon, 6 Aug 2001, John Sage wrote:
I am running snort 1.8.1-beta4 on my ipchains-based Linux firewall box and it works just fine. I'm using ppp via a (conventional) modem, and if I understand ppp correctly, the concept of "promiscuous" is not relevant. ppp is point-to-point, so on both ends of that connection are handling only packets specific to that connection (which isn't to say you mayn't get some broadcast or multicast packets, but even they should be *for* you...)
I am satisfied with the firewall. What my concern was first if the NIC is in promiscuous mode would that be a problem? Which to that you are not concerned. You state that because PPP by its nature only works for one IP address, mine. Yet with a typical NIC on a ethernet based network I get traffic which is not for me being in promiscuous mode. How are they different? Just trying to understand the comparison. Is the other end of the link for the connection (my ISP) filtered so that only I get traffic "for" me?
2) If I can which will pick up an incoming packet first, snort or the firewall (ipchains)?My experience is that snort sees everything ipchains does, and ipchain sees what comes in and does what it's supposed to...
So if snort notices an attack of a particular type it can update ipchains to protect the network from this new attack as well. Right? For example if an attack of type A is noticed, a rule is added to the ipchains to prevent said ip address from continuing to attack the service (i.e. HTTP on port 80). Stephen _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: http://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- Snort & Firewall Stephen Torri (Aug 06)
- Re: Snort & Firewall John Sage (Aug 06)
- Re: Snort & Firewall Stephen Torri (Aug 06)
- Re: Snort & Firewall John Sage (Aug 06)
- Re: Snort & Firewall Stephen Torri (Aug 06)
- Re: Snort & Firewall John Sage (Aug 06)