Snort mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Is IPTables blocking Snort detection?

From: Dirk Geschke <Dirk_Geschke () genua de>
Date: Mon, 19 Jan 2004 17:22:09 +0100
Hi Stephen,


If I've got everything firewalled on my Linux-Snort box using IPTables
except for SSH, will that limit what Snort (and the promiscuous mode
NIC) is able to see & detect? Just curious... Thanks!


snort will detect traffic before iptables will block them.

But however nearly every rule contains the keyword "established"
so you won't see any attacks triggered by these rules.

Best regards

Dirk



-------------------------------------------------------
The SF.Net email is sponsored by EclipseCon 2004
Premiere Conference on Open Tools Development and Integration
See the breadth of Eclipse activity. February 3-5 in Anaheim, CA.
http://www.eclipsecon.org/osdn
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
Previous By Date Next
Previous By Thread Next

Current thread: