Snort mailing list archives
RE: snort behind firewall ??
From: "Martijn Heemels" <martijn () yggdrasil yi org>
Date: Wed, 2 May 2001 00:10:37 +0200
Hi Josh,

I'm not seeing packets that are stopped by the firewall... So, in effect I'm seeing a lot of traffic on the internal interface and barely any on the external.

My setup:
pentium-1 233MHz, 128Mb SDRAM
Linux RedHat 6.2 with all updates applied...
kernel 2.2.16-3 (I don't know how it's configured... standard redhat kernel from rpm package)
firewall: ipchains 1.3.9-5 (using a ruleset from http://linux-firewall-tools.com/linux/firewall/index.html but customized)
Also running portsentry 1.0-9 in stealth tcp/udp mode.
External interface is a 3com 3c509
Internal interface is a Realtek NE2000 compatible

I'm running snort with:
/usr/sbin/snort -u snort -g snort -s -d -D -l /var/log/snort -i $INTERFACE -c /etc/snort/snort.conf

When running ifconfig no interfaces seem to be in Promiscuous mode... Is that bad?

If any more info is needed, let me know... I'll be glad to help... I didn't know snort was supposed to see these packets until this was brought up on the list.

Hope this helps,
Martijn

--
M. Heemels | Yoda of Borg are we.
Eindhoven, NL | Futile is resistance.
martijn () heemels com | Assimilate you, we will.
*** encrypt for secure email ***
It is up in the air right now whether or not snort can see packets before the firewall drops them. It seems it is system dependent. I would like to take a poll of who can snort through their firewall and who can't. We'll need to know what kernel you are using, how it's configured, what firewall you're using, how it's configured, and what OS you're using.