Snort mailing list archives
Re: snort and firewall
From: "GeEk" <koolman () visi0n net>
Date: Tue, 14 Aug 2001 15:47:25 -0400 (EDT)
Here is What I did DSL Router - 675 Firewall - Linux Box running bridge software, snort and iptables for extra network foltering INTERNET ---- 675 ----- FIREWALL ------ Switch ---- Web Server, Workstation, Mail Server etc... For the firewall not only can I see all traffic that passes throuhg the router to all boxes but I have the firewall completely locked down so it's practly impossible to hack even if a local machine is compermised.. -- LinSys http://www.visi0n.net Unix / Security Online Info ----- When you die and your life flashes before your eyes does that include the part where your life flashes before your eyes? ----- On Tue, 14 Aug 2001, J. C. Woods wrote:
Stephen Torri wrote:If I have an external DSL modem hooked up to my firewall, where should I put a machine running snort? If its behind won't I only detect if someone has broken in? Stephen _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: http://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-usersIf you are saying you have a gateway/router machine that has two interfaces, eth0 and eth1, the answer to your question would be yes. In theory, any external packets picked up by snort on your internal interface would indicate firewall penetration onto your private LAN. drjung
_______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: http://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- snort and firewall Stephen Torri (Aug 14)
- Re: snort and firewall J. C. Woods (Aug 14)
- Re: snort and firewall GeEk (Aug 15)
- Re: snort and firewall John Sage (Aug 15)
- Re: snort and firewall Stephen Torri (Aug 15)
- Re: snort and firewall J. C. Woods (Aug 14)