Snort mailing list archives
RE: Snort on Checkpoint Firewall-1
From: "Ofir Arkin" <ofir () sys-security com>
Date: Sat, 20 Oct 2001 02:26:49 +0200

Scott,

Some info you asked for. Checkpoint module gets installed just after the link-layer. This means it gets to deal with traffic before layer 3 does (IP).

On another note, if I were you I would not run snort on the same box as my Firewall. Install your firewall on a dedicated box always. You certainly do not wish to have surprises.

This is just my 2c

Ofir Arkin [ofir () sys-security com]
Founder
The Sys-Security Group
http://www.sys-security.com
PGP CC2C BE53 12C6 C9F2 87B1 B8C6 0DFA CF2D D360 43FA

-----Original Message-----
From: snort-users-admin () lists sourceforge net [mailto:snort-users-admin () lists sourceforge net] On Behalf Of Dresen, Scott
Sent: Fri 19 October 2001 22:55
To: snort-users () lists sourceforge net
Subject: [Snort-users] Snort on Checkpoint Firewall-1

I'm running Snort v1.8.1 on the same Linux box that I'm running a Checkpoint Firewall-1 firewall. However, my snort logs are not showing any activity. When I ran Snort with IPTables, I saw plenty of activity. I'm wondering if anyone knows whether or not Checkpoint runs at a higher priority on Linux and therefore blocks packets before Snort has a chance to analyze them?

TIA,
Scott

Current thread:
- Snort on Checkpoint Firewall-1 Dresen, Scott (Oct 19)
- RE: Snort on Checkpoint Firewall-1 Ofir Arkin (Oct 19)
- So many of false alerts Syed Mohammad Talha (Oct 19)
- Re: Snort on Checkpoint Firewall-1 Fyodor (Oct 20)