Snort mailing list archives

Re: a couple of questions


From: Matt Kettler <mkettler () evi-inc com>
Date: Thu, 11 Dec 2003 11:47:24 -0500

At 07:04 AM 12/11/2003, Giannakis Eleftherios wrote:
I would like to ask a couple of things:
First of all, I would like to know whether snort can work with TCP wrappers (compiled with libwrap), because I couldn't find this option in the snort 2.0.5 compilation, and secondly, how can we protect the TCP 2525 port on a snort center server? Generally, if anyone can write which ports one should protect to be safe enough in the open space-hmm Internet I mean :)


Tcp_wrappers is a tool to control access to ports in programs that accept connections... snort never opens sockets to accept connections in the first place. Thus, wrappers would be irrelevant to snort. It would be completely pointless to support libwrap in snort... it's a sniffer.

In general snort operates by using libpcap to pick up packets. It does not use the IP stack, it does not bind sockets, it does not "listen" in the same manner that server daemons like webservers do.

Instead libpcap scrapes off a copy of every packet coming in from the ethernet driver and passes them to snort. This happens in parallel with the copy that is sent to the IP stack. Thus, this happens irrespective of local firewall rules, stack behaviors, and anything else that is "higher level" than the ethernet driver itself.



What's tcp/2525 for? This doesn't sound like anything snort related to me. AFAIK that's the port used by ms-vworlds...
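Added example, not part of the original post or of Snort's code: a way to check on a Linux sensor which TCP ports are actually in LISTEN state and whether a given process (the sniffer, for instance) owns any of them, which is the set of ports that wrappers or firewall rules could apply to. It assumes Linux's `/proc/net/tcp` layout and a little-endian host; the sample table, the inode numbers and the function names are constructed for illustration.

```python
import os
import re
import socket
import struct

# Constructed sample in Linux /proc/net/tcp format (not captured from a real host).
SAMPLE = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000:0016 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 1001 1 0000000000000000 100 0 0 10 0
   1: 0100007F:09DD 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 1002 1 0000000000000000 100 0 0 10 0
   2: 0A00000A:0016 0B00000A:C350 01 00000000:00000000 00:00000000 00000000     0        0 1003 1 0000000000000000 100 0 0 10 0
"""
TCP_LISTEN = 0x0A  # kernel state code for a socket waiting to accept connections


def decode_addr(field):
    """'0100007F:09DD' -> ('127.0.0.1', 2525); assumes a little-endian host."""
    ip_hex, port_hex = field.split(":")
    return socket.inet_ntoa(struct.pack("<I", int(ip_hex, 16))), int(port_hex, 16)


def listening_sockets(table_text):
    """Return (ip, port, inode) for every IPv4 TCP socket in LISTEN state."""
    found = []
    for line in table_text.splitlines()[1:]:  # skip the header row
        cols = line.split()
        if len(cols) >= 10 and int(cols[3], 16) == TCP_LISTEN:
            found.append(decode_addr(cols[1]) + (int(cols[9]),))
    return found


def socket_inodes(pid, proc_root="/proc"):
    """Inodes of the sockets a process holds, read from its fd symlinks."""
    inodes, fd_dir = set(), os.path.join(proc_root, str(pid), "fd")
    for name in os.listdir(fd_dir):
        try:
            m = re.fullmatch(r"socket:\[(\d+)\]", os.readlink(os.path.join(fd_dir, name)))
        except OSError:  # fd was closed while we were reading the directory
            continue
        if m:
            inodes.add(int(m.group(1)))
    return inodes


def listeners_of(pid, table_text, proc_root="/proc"):
    """Listening (ip, port) pairs owned by pid; empty for a process that only sniffs."""
    held = socket_inodes(pid, proc_root)
    return [(ip, port) for ip, port, inode in listening_sockets(table_text) if inode in held]
```

On a live host, pass the contents of `/proc/net/tcp` as `table_text` and run as root so other processes' fd directories are readable; a capture socket opened through libpcap is a packet socket and does not appear in this table.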




