Snort mailing list archives

Previous By Date Next
Previous By Thread Next

RE: snort behind firewall ??

From: Jason Opperisano <jopperisano () netcriticalgroup com>
Date: Tue, 1 May 2001 21:40:29 -0400
 
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

OpenBSD 2.7 i386
IP Filter: v3.3.16
Snort Version 1.7

Default deny everything on xl1 (external NIC)

Running snort on xl1

Snort sees everything--I can actually see attacks reported by snort
in the alert file and then go find where IPF dropped the packet in
its log file.

Jason

- -----Original Message-----
From: Josh Oshiro [mailto:josh () silicondefense com]
Sent: Monday, April 30, 2001 2:13 PM
To: ./
Cc: Robert D. Hughes; snort-users
Subject: Re: [Snort-users] snort behind firewall ??

It is up in the air right now wether or not snort can see packets
before
the firewall drop them. It seems  it is system dependant. I would
like
to take a poll of who can snort through there firewall and who can't.
We'll need to know what kernal you are using, how it's configured,
what
firewall your using, how it's configures, and what os your using.

- -- 
josh () silicondefense com
Snort Support
Silicon Defense

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
http://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

-----BEGIN PGP SIGNATURE-----
Version: PGP 7.0.1

iQA/AwUBOu9lQ6nGvB5QXYGaEQLdSwCfcZBtbx5JGG1iYM2j8ysaFdlM9JcAn0Nj
DlfpxO6XFJLCKkzrag4rAXqU
=ie2J
-----END PGP SIGNATURE-----

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
http://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
Previous By Date Next
Previous By Thread Next

Current thread: