Snort mailing list archives
RE: Snort + ipchains
From: Erek Adams <erek () theadamsfamily net>
Date: Sat, 1 Dec 2001 18:20:23 -0800 (PST)
On Sat, 1 Dec 2001, Martijn Heemels wrote:
> Erek Adams would say that I need more coffee and it would all become clear ;-D
Of course! All things can be solved with massive amounts of coffee. ;-) I think John Berkers had his! I like his suggestion of:
A: While Snort also sees the packets that the firewall does, if the exploit that the signature catches requires a connection to be established, the exploit will never be sent. The firewall blocks the three-way-handshake process and you never get a connection, therefore you never get the exploit packet.
-----
Erek Adams
Nifty-Type-Guy
TheAdamsFamily.Net