Snort mailing list archives
Re: Snort and IPtables...
From: "Peter VE" <peter.ve () pandora be>
Date: Wed, 26 Mar 2003 00:45:34 +0100
which of course brings up a good point : your iptables firewall suddenly becomes only as safe as your snort is (or tcpdump, or any other app that uses libpcap stuff if you will) so maybe it's not a good idea to combine a firewall & ids/sniffer on the same box... (just my $0,02) ----- Original Message ----- From: "Tobias Rice" <rice () up edu> To: "'Erick Mechler'" <emechler () techometer net> Cc: <snort-users () lists sourceforge net> Sent: Tuesday, March 25, 2003 11:33 PM Subject: RE: [Snort-users] Snort and IPtables... -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Thanks again you all! </gratuitous email...> - -----Original Message----- From: Erick Mechler [mailto:emechler () techometer net] Sent: Tuesday, March 25, 2003 2:26 PM To: Tobias Rice Cc: snort-users () lists sourceforge net Subject: Re: [Snort-users] Snort and IPtables... :: I'm curious how Snort (well at least libpcap) is affected by IPtables? :: <assumptions> Libpcap operates at layer 2 and IPtables above that </assumptions> :: If that is the case I'm assuming that IPtables could be tightened down without interference with Snort? I'm sure that I'm way off, so please enlighten me. Yup, you're right. libpcap is below firewalling software in the stack, so it'll see everything that crosses the wire, even things (eventually) dropped by the firewall (whatever it happens to be, and even if it's a kernel-level firewall). Cheers - Erick -----BEGIN PGP SIGNATURE----- Version: PGP 8.0 iQA/AwUBPoDZNMNinOuDXR1bEQKJYgCgwbmp1a5F2rnWodoxk8aFoyvnWAgAoMa9 YGtJx9GEcIVPdIKwegQa/Z11 =dJRk -----END PGP SIGNATURE----- ------------------------------------------------------- This SF.net email is sponsored by: The Definitive IT and Networking Event. Be There! NetWorld+Interop Las Vegas 2003 -- Register today! http://ads.sourceforge.net/cgi-bin/redirect.pl?keyn0001en _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=ort-users ------------------------------------------------------- This SF.net email is sponsored by: The Definitive IT and Networking Event. Be There! NetWorld+Interop Las Vegas 2003 -- Register today! http://ads.sourceforge.net/cgi-bin/redirect.pl?keyn0001en _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- Snort and IPtables... Tobias Rice (Mar 25)
- Re: Snort and IPtables... Phil Wood (Mar 25)
- Re: Snort and IPtables... Erick Mechler (Mar 25)
- RE: Snort and IPtables... Tobias Rice (Mar 25)
- Re: Snort and IPtables... Peter VE (Mar 25)
- Re: Snort and IPtables... Matt Kettler (Mar 25)
- RE: Snort and IPtables... Tobias Rice (Mar 25)