Snort mailing list archives
Re: a couple of questions
From: Giannakis Eleftherios <legian () otenet gr>
Date: Fri, 12 Dec 2003 10:01:20 +0200
Ok, it seems I haven't put my question properly... I was wondering about how to secure TCP port 2525 which is open in the server (snort agent+snortcenter+acid+mysqld+apache) and not through pc's running snort. So I can rephrase my question about securing the "miniserv" which listens in TCP port 2525 and whether it could be compiled with libwrap support so as to be "secured" from the hosts.allow file.

Thanks again for the answers and sorry for the incorrect placement of the questions.. :(

On Thu, Dec 11, 2003 at 11:47:24AM -0500, Matt Kettler wrote:
> At 07:04 AM 12/11/2003, Giannakis Eleftherios wrote:
> > I would like to ask a couple of things: first of all, I would like to know whether snort can work with TCP wrappers (compiled with libwrap) because I couldn't find this option in snort 2.0.5 compilation and secondly, how can we protect the TCP 2525 port on a snort center server? Generally if anyone can write which ports should one protect to be safe enough in the open space-hmm Internet I mean :)
>
> Tcp_wrappers is a tool to control access to ports in programs that accept connections... snort never opens sockets to accept connections in the first place. Thus, wrappers would be irrelevant to snort. It would be completely pointless to support libwrap in snort.. it's a sniffer.
>
> In general snort operates by using libpcap to pick up packets. It does not use the IP stack, it does not bind sockets, it does not "listen" in the same manner that server daemons like webservers do. Instead libpcap scrapes off a copy of every packet coming in from the ethernet driver and passes them to snort. This happens in parallel with the copy that is sent to the IP stack. Thus, this happens irrespective of local firewall rules, stack behaviors, and anything else that is "higher level" than the ethernet driver itself.
>
> What's tcp/2525 for? This doesn't sound like anything snort related to me. AFAIK that's the port used by ms-vworlds...
--
-----------------------------------
' There's no place like 127.0.0.1 '
-----------------------------------
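As an added illustration (not part of the original thread): because a sniffer like snort binds no sockets, the ports that need access control on such a server are the ones in LISTEN state, like the miniserv on TCP 2525. The sketch below parses text in Linux `/proc/net/tcp` format and flags listeners bound to all interfaces; the sample table, the 3306 and 80 entries for mysqld and apache, and a little-endian host are assumptions.

```python
import socket
import struct

# Constructed sample in Linux /proc/net/tcp format; not taken from a real host.
# Ports: 0x09DD = 2525 (miniserv), 0x0CEA = 3306, 0x0050 = 80 (assumed defaults).
SAMPLE_PROC_NET_TCP = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000:09DD 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 1001 1
   1: 0100007F:0CEA 00000000:0000 0A 00000000:00000000 00:00000000 00000000    27        0 1002 1
   2: 00000000:0050 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 1003 1
   3: 0100007F:0CEA 0100007F:A2C4 01 00000000:00000000 00:00000000 00000000    27        0 1004 1
"""

TCP_LISTEN = 0x0A  # kernel state code for a socket waiting for connections


def decode_addr(field):
    """Turn 'HEXIP:HEXPORT' into ('a.b.c.d', port)."""
    ip_hex, port_hex = field.split(":")
    # The kernel prints the address as a native 32-bit word; on a
    # little-endian host (assumed here) the bytes appear reversed.
    ip = socket.inet_ntoa(struct.pack("<I", int(ip_hex, 16)))
    return ip, int(port_hex, 16)


def listening_sockets(text):
    """Return (ip, port, exposed) for every socket in LISTEN state.

    exposed is True when the socket is bound to 0.0.0.0, i.e. reachable on
    every interface unless a packet filter or the daemon itself restricts it.
    """
    result = []
    for line in text.splitlines()[1:]:  # skip the column header
        cols = line.split()
        if len(cols) < 4 or int(cols[3], 16) != TCP_LISTEN:
            continue  # established connections etc. are not listeners
        ip, port = decode_addr(cols[1])
        result.append((ip, port, ip == "0.0.0.0"))
    return result


if __name__ == "__main__":
    for ip, port, exposed in listening_sockets(SAMPLE_PROC_NET_TCP):
        note = "bound to all interfaces, restrict access" if exposed else "local only"
        print(f"{ip}:{port:<5} {note}")
```

On a live Linux host the same function can be given the contents of `/proc/net/tcp`; a process that only sniffs through libpcap will not appear in the output.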