Snort mailing list archives

Re: Newbie question

From: Erick Mechler <emechler () techometer net>
Date: Mon, 21 Apr 2003 12:54:07 -0700

:: I am now to IDS and Snort and have a question.  Does having iptable rules
:: setup on the machine affect it in any way?  Oh, it will be behind our
:: firewall.

Chris, if you have firewall software installed on the same system as your 
IDS, then the FW won't affect what your IDS can see.  Snort uses libpcap, 
which is lower on the TCP stack than your FW, so it will see packets before 
they get dropped.

Also, please be sure to check the FAQs and the mailing list archives for
information before posting to the list in the future.  This question has
been answered a few times already in the past.

Cheers - Erick


-------------------------------------------------------
This sf.net email is sponsored by:ThinkGeek
Welcome to geek heaven.
http://thinkgeek.com/sf
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

Current thread:

Newbie question Chris (Apr 21)
- Re: Newbie question Erick Mechler (Apr 21)
- Re: Newbie question (FAQ 4.3 update requested) Matt Kettler (Apr 21)
- <Possible follow-ups>
- RE: Newbie question Potts, Ross A. (Apr 23)
- Newbie Question Wilcoxen, Scott (Apr 25)
- RE: Newbie Question Pacheco, Michael F. (Apr 25)
- RE: Newbie Question Wilcoxen, Scott (Apr 27)