Snort mailing list archives
Re: Preventing Attacks
From: Jeff Taylor <jeff () austinblues dyndns org>
Date: Thu, 27 Jun 2002 09:57:20 -0500
To clarify, I want to put Snort listening after the IPtables (linux 2.4.16) REJECT and DENY rules block from the external net. To repeat, this is all on one host, adding extra NICs, hosts, hardware, etc. is not part of the answer I am looking for. I am looking at Snort as a more sophisticated replacement for Portsentry. It does not tell my about attacks that are stopped by IPtables, only about ones that get thru. It is mildly interesting to see what attacks are being thrown at my box. What I want to know is what attacks are penetrating the IPtables packet filter. TIA, Jeffrey Quoting Jeffrey Taylor <jeff () austinblues dyndns org>:
Is it possible to have Snort listen inside the firewall? This is on a one host set up. I would like to see what is getting thru the firewall, not what is thrown at the firewall. TIA, Jeffrey
------------------------------------------------------- Sponsored by: ThinkGeek at http://www.ThinkGeek.com/ _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- Preventing Attacks David Alexandre M. de Carvalho (Jun 25)
- <Possible follow-ups>
- RE: Preventing Attacks McCammon, Keith (Jun 26)
- Re: Preventing Attacks Jeffrey Taylor (Jun 26)
- Re: Preventing Attacks Jeff Taylor (Jun 27)
- Re: Preventing Attacks John Sage (Jun 28)
- Re: Preventing Attacks Jeffrey Taylor (Jun 26)
- Re: Preventing Attacks Jeffrey Taylor (Jun 27)
- RE: Preventing Attacks Hicks, John (Jun 26)
- RE: Preventing Attacks Slighter, Tim (Jun 26)