Snort mailing list archives
Re: Preventing Attacks
From: John Sage <jsage () finchhaven com>
Date: Fri, 28 Jun 2002 05:31:37 -0700
Jeff:

On Thu, Jun 27, 2002 at 09:57:20AM -0500, Jeff Taylor wrote:
> To clarify, I want to put Snort listening after the IPtables (linux 2.4.16) REJECT and DENY rules block from the external net. To repeat, this is all on one host, adding extra NICs, hosts, hardware, etc. is not part of the answer I am looking for. I am looking at Snort as a more sophisticated replacement for Portsentry. It does not tell me about attacks that are stopped by IPtables, only about ones that get thru. It is mildly interesting to see what attacks are being thrown at my box. What I want to know is what attacks are penetrating the IPtables packet filter.
Although my experience is still back on ipchains, the answer in that case is that -- when snort and ipchains are on the same box -- snort sees everything that ipchains sees. Not what's left over, but *everything*..

I have not heard anything to the contrary about iptables, again, when snort and iptables *are on the same box* (I emphasize that because invariably this sort of discussion gets garbled by people who are running snort on a *different box* than the ipchains/iptables box. Then snort only sees what ip[chains|tables] has passed..)

- John

--
"You are in a little maze of twisty passages, all different."
PGP key http://www.finchhaven.com/pages/gpg_pubkey.html
Fingerprint FE 97 0C 57 08 43 F3 EB 49 A1 0C D0 8E 0C D0 BE C8 38 CC B5
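If Snort on the firewall host alerts on everything the packet filter sees, as the reply above describes, the alerts for traffic that actually got through can be separated out by logging drops and correlating the two logs. The sketch below is an added example, not part of the original thread: it assumes an iptables `LOG` rule with the prefix `FW-DROP: ` placed just before the DROP/REJECT rule and Snort writing "fast" alerts, and all sample log lines are constructed.

```python
import re
from datetime import datetime, timedelta

YEAR = "2002"  # assumption: neither log format records the year
# Constructed sample: kernel lines from an iptables LOG rule placed just before
# the DROP/REJECT rule; the "FW-DROP: " log prefix is an assumption.
IPTABLES_LOG = """\
Jun 28 05:31:37 gw kernel: FW-DROP: IN=eth0 OUT= SRC=192.0.2.10 DST=198.51.100.5 LEN=60 TTL=51 PROTO=TCP SPT=40112 DPT=111 SYN
Jun 28 05:32:02 gw kernel: FW-DROP: IN=eth0 OUT= SRC=192.0.2.77 DST=198.51.100.5 LEN=78 TTL=49 PROTO=UDP SPT=1026 DPT=137
"""
# Constructed sample: Snort "fast" alert lines (SIDs and messages are made up).
SNORT_ALERTS = """\
06/28-05:31:37.104233  [**] [1:1000001:1] constructed portmap probe [**] [Priority: 2] {TCP} 192.0.2.10:40112 -> 198.51.100.5:111
06/28-05:32:02.551870  [**] [1:1000002:1] constructed netbios query [**] [Priority: 3] {UDP} 192.0.2.77:1026 -> 198.51.100.5:137
06/28-05:40:15.000412  [**] [1:1000003:1] constructed web probe [**] [Priority: 1] {TCP} 192.0.2.10:40200 -> 198.51.100.5:80
"""
FW_RE = re.compile(r"^(\w{3}\s+\d+ [\d:]{8}) .*FW-DROP: .*?SRC=(\S+) DST=(\S+) .*?PROTO=(\w+) SPT=(\d+) DPT=(\d+)")
ALERT_RE = re.compile(r"^(\d\d/\d\d-[\d:]{8})\.\d+\s+\[\*\*\] (\[[\d:]+\] .*?) \[\*\*\].*\{(\w+)\} (\S+):(\d+) -> (\S+):(\d+)")

def _ts(text, fmt):
    """Parse a year-less timestamp by prefixing the assumed YEAR."""
    return datetime.strptime(f"{YEAR} {text}", "%Y " + fmt)

def dropped_flows(log_text):
    """Map (proto, src, sport, dst, dport) -> times the firewall logged a drop."""
    flows = {}
    for m in filter(None, map(FW_RE.match, log_text.splitlines())):
        when, src, dst, proto, sport, dport = m.groups()
        flows.setdefault((proto, src, sport, dst, dport), []).append(_ts(when, "%b %d %H:%M:%S"))
    return flows

def classify_alerts(alert_text, log_text, window=timedelta(seconds=2)):
    """Label an alert 'blocked' if a drop was logged for the same 5-tuple within
    `window`, else 'passed'. Alerts without ports (e.g. ICMP) are skipped."""
    drops = dropped_flows(log_text)
    results = []
    for m in filter(None, map(ALERT_RE.match, alert_text.splitlines())):
        when, alert, proto, src, sport, dst, dport = m.groups()
        ts = _ts(when, "%m/%d-%H:%M:%S")
        hit = any(abs(ts - d) <= window for d in drops.get((proto, src, sport, dst, dport), []))
        results.append(("blocked" if hit else "passed", alert))
    return results

if __name__ == "__main__":
    for verdict, alert in classify_alerts(SNORT_ALERTS, IPTABLES_LOG):
        print(f"{verdict:8} {alert}")
```

Alerts labelled `passed` are the ones worth attention on a single-host setup; the result is only as complete as the LOG rule's coverage of the drop rules.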