Snort mailing list archives
AW: (Snort-users) Snort on Checkpoint Firewall-1
From: <sandro.poppi () wacker com>
Date: Mon, 22 Oct 2001 07:27:00 +0200
I suppose Checkpoint uses a highly customized kernel (well, it does for the Nokia appliance, so this is just a guess), therefore stateful inspection takes place before any other tool could capture packets, resulting in that behaviour. As stated before, just a guess.

I would suggest using a separate snort box in front of the firewall because
a) you don't get probs with the firewall when snort for any reason has probs
b) of performance issues
c) I believe running as few services as possible is the right choice for a firewall

So long,
Sandro

possible to examine checkpoint binaries? :)

On Fri, Oct 19, 2001 at 04:54:55PM -0400, Dresen, Scott wrote:
> I'm running Snort v1.8.1 on the same Linux box that I'm running a
> Checkpoint Firewall-1 firewall. However, my snort logs are not showing
> any activity. When I ran Snort with IPTables, I saw plenty of activity.
> I'm wondering if anyone knows whether or not Checkpoint runs at a higher
> priority on Linux and therefore blocks packets before Snort has a chance
> to analyze them?
>
> TIA,
> Scott

--
http://www.notlsd.net
PGP fingerprint = 56DD 1511 DDDA 56D7 99C7 B288 5CE5 A713 0969 A4D1

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users