Snort mailing list archives
Re: Wrappers
From: Chris Green <cmg () uab edu>
Date: Tue, 06 Nov 2001 13:39:39 -0600
"snortlst snortlst" <snortlst () hotmail com> writes:
On which layer snort inspects incoming traffic? If it inspects it before tcp/ip (like checkpoint firewall) then can I use tcp wrappers and deny all traffic in tcp wrappers in order to secure linux machine?
It sniffs in promiscous mode so it can see traffic with no interaction with the native tcp/ip stack ( other than where it overlaps with BPF ). Yes. Using TCP wrappers will not affect snort.
thx.
-- Chris Green <cmg () uab edu> A good pun is its own reword. _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- Wrappers snortlst snortlst (Nov 06)
- Re: Wrappers james (Nov 06)
- Re: Wrappers snortlst snortlst (Nov 06)
- Re: Wrappers Chris Green (Nov 06)
- <Possible follow-ups>
- RE: Wrappers Kevin Brown (Nov 06)
- Re: Wrappers JPP (Nov 06)
- Re: Wrappers james (Nov 06)
- Re: Wrappers Skip Carter (Nov 06)
- Re: Wrappers JPP (Nov 06)
- RE: Wrappers Benjamin W. Ritcey (Nov 07)
- Re: Wrappers JPP (Nov 06)
- Re: Wrappers james (Nov 06)
- RE: Wrappers Wells, Kenneth L (Nov 06)
- RE: Wrappers Demetri Mouratis (Nov 06)
- Re: Wrappers snortlst snortlst (Nov 07)
- RE: Wrappers Chris Eidem (Nov 06)