Snort mailing list archives

RE: Firewalls on IDS

From: "Brian Laing" <Brian.Laing () Blade-Software com>
Date: Thu, 10 Apr 2003 09:41:06 -0700
Just checked it and on both 2000 and xp it only seems to apply to an
interface, I will have to test further to validate nothing funny going
on.

-------------------------------------------------------------------
Brian Laing
CTO
Blade Software
Cellphone: +1 650.280.2389
Telephone: +1 650 367.9376
eFax: +1 208.575.1374
Blade Software - Because Real Attacks Hurt
http://www.Blade-Software.com
-------------------------------------------------------------------



-----Original Message-----
From: snort-users-admin () lists sourceforge net
[mailto:snort-users-admin () lists sourceforge net] On Behalf Of Robert
Reid
Sent: Wednesday, April 09, 2003 10:23 PM
To: 'snort-users () lists sourceforge net'
Subject: RE: [Snort-users] Firewalls on IDS


Any filtering set in TCP/IP advanced properties will apply to all
interfaces on the machine. A better, albeit more complex solution is to
use IPSEC filtering as a firewall of sorts. IPSEC rules can be applied
per interface to allow and disallow various kinds of traffic from
defined networks.

-----Original Message-----
From: Brian Laing [mailto:Brian.Laing () Blade-Software com] 
Sent: Wednesday, April 09, 2003 8:44 PM
To: snort-users () lists sourceforge net
Subject: RE: [Snort-users] Firewalls on IDS



Tom,
        You don't need to install a firewall you can use windows normal
TCP security to deny access by port and ip addresss. This is there by
default so you wont have to install anything just goto TCP settings
under advanced. You should be able to find it.

Brian

-------------------------------------------------------------------
Brian Laing
CTO
Blade Software
Cellphone: +1 650.280.2389
Telephone: +1 650 367.9376
eFax: +1 208.575.1374
Blade Software - Because Real Attacks Hurt http://www.Blade-Software.com
-------------------------------------------------------------------



-----Original Message-----
From: snort-users-admin () lists sourceforge net
[mailto:snort-users-admin () lists sourceforge net] On Behalf Of Tom
Culpepper
Sent: Wednesday, April 09, 2003 11:12 AM
To: snort-users () lists sourceforge net
Subject: [Snort-users] Firewalls on IDS


I am currently running 2 NICS in my IDS machine, one for sniffing, one 
for access.  I need to know if there is any way to install a local 
firewall on the machine.  I have removed stealthed the port and have a 
recive only cable on the sniffer NIC.  The other nic is running 
normally, but needs some restriction to be safe.  I am running all of 
this on a windows 2k machine.

-tom



-------------------------------------------------------
This SF.net email is sponsored by: Etnus, makers of TotalView, The
debugger 
for complex code. Debugging C/C++ programs can leave you feeling lost
and 
disoriented. TotalView can help you find your way. Available on major
UNIX 
and Linux platforms. Try it free. www.etnus.com
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users



-------------------------------------------------------
This SF.net email is sponsored by: Etnus, makers of TotalView, The
debugger 
for complex code. Debugging C/C++ programs can leave you feeling lost
and 
disoriented. TotalView can help you find your way. Available on major
UNIX 
and Linux platforms. Try it free. www.etnus.com
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users


-------------------------------------------------------
This SF.net email is sponsored by: Etnus, makers of TotalView, The
debugger 
for complex code. Debugging C/C++ programs can leave you feeling lost
and 
disoriented. TotalView can help you find your way. Available on major
UNIX 
and Linux platforms. Try it free. www.etnus.com
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users



-------------------------------------------------------
This SF.net email is sponsored by: Etnus, makers of TotalView, The debugger 
for complex code. Debugging C/C++ programs can leave you feeling lost and 
disoriented. TotalView can help you find your way. Available on major UNIX 
and Linux platforms. Try it free. www.etnus.com
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:

Firewalls on IDS Tom Culpepper (Apr 09)
- RE: Firewalls on IDS Brian Laing (Apr 09)
- <Possible follow-ups>
- RE: Firewalls on IDS Miller, Eoin (Apr 09)
  - RE: Firewalls on IDS Don Weber (Apr 09)
- RE: Firewalls on IDS Robert Reid (Apr 09)
  - RE: Firewalls on IDS Brian Laing (Apr 10)