IDS mailing list archives

Re: Snort & iptables on the same box

From: Michael Boman <michael.boman () gmail com>
Date: Wed, 15 Jun 2005 06:43:53 +0800

On 6/14/05, Will Metcalf <william.metcalf () gmail com> wrote:

snort rely's on the QUEUE target in iptables to receive its data.


Only in inline (IPS) mode. As an IDS it uses libpcap to recieve data
and doesn't care what firewall rules you have in place.

Best regards
 Michael Boman

-- 
A: Maybe because some people are too annoyed by top-posting.
Q: Why do I not get an answer to my question(s)?
A: Because it messes up the order in which people normally read text.
Q: Why is top-posting such a bad thing?

--------------------------------------------------------------------------
Test Your IDS

Is your IDS deployed correctly?
Find out quickly and easily by testing it with real-world attacks from
CORE IMPACT.
Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708
to learn more.
--------------------------------------------------------------------------

Current thread:

Snort & iptables on the same box Jean-Pierre Denis (Jun 12)
- Re: Snort & iptables on the same box Will Metcalf (Jun 14)
  - Re: Snort & iptables on the same box Michael Boman (Jun 16)
- Re: Snort & iptables on the same box Joachim Schipper (Jun 14)
- Re: Snort & iptables on the same box Michael Boman (Jun 14)
- Re: Snort & iptables on the same box snort user (Jun 16)