Snort mailing list archives
RE: firewall and snort on the same machine
From: "John Berkers" <berjo () ozemail com au>
Date: Thu, 16 Aug 2001 07:35:13 +1000
Snort should be able to see all the traffic before the firewall sees it. It doesn't need a second IP address since it is not the IP that goes promiscuous, it is the whole 'real' interface'. This means that even if you are actually blocking traffic, snort should still see it. At least this is how it works for IPChains & Firewall-1, so you mileage may vary. Regards, John Berkers berjo () ozemail com au -----Original Message----- From: snort-users-admin () lists sourceforge net [mailto:snort-users-admin () lists sourceforge net]On Behalf Of Mohr, Stefan Sent: Thursday, 16 August 2001 6:39 To: 'Snort-users () lists sourceforge net' Subject: [Snort-users] firewall and snort on the same machine hi everybody, i want to implement a shorewall firewall (first installation is up and running) on the same machine as snort. how to do that - because i should block everything unwanted at the external interface. what do you think of having a 2nd virtual address on this interface (the next free ip address in my external network), sniffing with this ip address in promiscios mode and from the point of the view of the firewall just doing nothing with this packets? or is there a better way with a configuration in the snort configs? stefan mohr Dipl.-Ing. Stefan Mohr Manager Operations and Customer Care mediascape communications AG Weidestraße 122a 20083 Hamburg Tel.: 040 / 668610-0 Fax: 040 / 668610-222 www.mediascape.de This email is confidential. If you are not the intended recipient, you must not disclose or use the information contained in it. If you have received this mail in error, please tell us immediately by return email and delete the document. _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: http://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=ort-users _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: http://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- firewall and snort on the same machine Mohr, Stefan (Aug 15)
- RE: firewall and snort on the same machine John Berkers (Aug 15)
- RE: firewall and snort on the same machine Martijn Heemels (Aug 15)
- RE: firewall and snort on the same machine Dragos Ruiu (Aug 15)
- RE: firewall and snort on the same machine John Berkers (Aug 16)
- RE: firewall and snort on the same machine Martijn Heemels (Aug 15)
- RE: firewall and snort on the same machine John Berkers (Aug 15)