Snort mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Snort + ipchains

From: John Sage <jsage () finchhaven com>
Date: Sun, 3 Mar 2002 21:08:48 -0800
Ashley:

If I've understood your question correctly, yes, snort will see packets
that are DENY'ed by ipchains *if* snort is running on the same box as
ipchains.

That's exactly what I'm doing, and snort sees everything ipchains
does.

If snort is off on another box, behind the ipchains box, it's another
matter entirely.

HTH..


- John

-- 
Most people don't type their own logfiles;  but, what do I care?



On Sun, Mar 03, 2002 at 08:35:05PM -0500, Ashley Thomas wrote:

hi,

I need to run snort inside the firewall as well as outside it.

I need to run outside to know the attacks which cannot make it thru
the firewall.

So if i run snort on the same machine , will snort see the packets which
are blocked by the firewall (ipchains).

thanks
ashley


_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
Previous By Date Next
Previous By Thread Next

Current thread: