Snort mailing list archives

RE: Application proxy firewall?

From: "Drew Stockman" <Drew.Stockman () cibmis com>
Date: Thu, 20 Feb 2003 09:11:16 -0600

 
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

I do not believe there is any way of doing that.  The packets are generated from the firewall itself since it acts as 
the middle-man for all connections.  There is no reference to the original IP address in the packet, it just keeps 
track of ports and knows which connection to match up on the other side. Snort can't tell you about something that 
isn't in the packet. 

Drew Stockman
Security Analyst
CIBMIS


- -----Original Message-----
From: Brian Conte [mailto:bconte675 () hotmail com]
Sent: Thursday, February 20, 2003 6:41 AM
To: snort-users () lists sourceforge net
Subject: [Snort-users] Application proxy firewall?


Greetings,

Will snort v1.9 that is watching traffic behind an application proxy 
firewall see the internal interface of the firewall as the SRC or DEST for 
any traffic going through the firewall or is snort capable of finding the 
real IP that the traffic is going to?

If snort is capable of doing this, can someone point me to some 
documentation on this feature?

Thanks,






_________________________________________________________________
Tired of spam? Get advanced junk mail protection with MSN 8. 
http://join.msn.com/?page=features/junkmail



- -------------------------------------------------------
This SF.net email is sponsored by: SlickEdit Inc. Develop an edge.
The most comprehensive and flexible code editor you can use.
Code faster. C/C++, C#, Java, HTML, XML, many more. FREE 30-Day Trial.
www.slickedit.com/sourceforge
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

-----BEGIN PGP SIGNATURE-----
Version: PGP 8.0

iQA/AwUBPlTwFDK/qMtUmsxZEQJ0tgCg4gUXzk5S871o3f20F6hQO2fR2isAoIcg
jIuB3rVQXwF+8DgJ7qfswwFK
=w8iU
-----END PGP SIGNATURE-----



-------------------------------------------------------
This SF.net email is sponsored by: SlickEdit Inc. Develop an edge.
The most comprehensive and flexible code editor you can use.
Code faster. C/C++, C#, Java, HTML, XML, many more. FREE 30-Day Trial.
www.slickedit.com/sourceforge
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

Current thread:

Application proxy firewall? Brian Conte (Feb 20)
- Re: Application proxy firewall? Demetri Mouratis (Feb 20)
- Re: Application proxy firewall? Erek Adams (Feb 20)
- <Possible follow-ups>
- RE: Application proxy firewall? Drew Stockman (Feb 20)