Snort mailing list archives
RE: Not Picking up Much WHY "I am pulling out myhair"
From: esavage () digitalrage org
Date: Mon, 13 Oct 2003 10:34:11 -0400 (EDT)
I have just come across some articles stating that if you are running snort on your firewall as I am and monitoring the external interface. It all is setup correctly but just because of the way PF acts if you drop it at the external firewall interface snort never see's the packet can someone confirm this. I have seen a number of articles and email stating that snort see's all traffic before it is ever filtered by PF and now have come across others that say the exact opposite. Can someone clear this up?
RE: [Snort-users] Not Picking up Much WHY "I am pulling out myhair" Snort is running on the firewall itself monitoring the outside interface directly connected to the net. This is why I am amazed that it is not picking up anything more. I have just checked it again this morning and nothing but ICMP. And from everything I have read it says snort running on a firewall will see every packet before pf does and before any filtering happens. -----Original Message----- From: Patrick Harper [mailto:lists () internetsecurityguru com] Sent: Sunday, October 12, 2003 9:41 PM To: Elijah Savage Cc: Snort-Users Subject: Re: [Snort-users] Not Picking up Much WHY "I am pulling out myhair" do you have any filters set up, if Snort is behind your firewall it will only see what makes it thorough On Sun, 2003-10-12 at 17:23, Elijah Savage wrote: I I net tuned traffic doing ------------------------------------------------------- This SF.net email is sponsored by: SF.net Giveback Program. SourceForge.net hosts over 70,000 Open Source Projects. See the people who have HELPED US provide better services: Click here: http://sourceforge.net/supporters.php _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=ort-users
------------------------------------------------------- This SF.net email is sponsored by: SF.net Giveback Program. SourceForge.net hosts over 70,000 Open Source Projects. See the people who have HELPED US provide better services: Click here: http://sourceforge.net/supporters.php _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- RE: Not Picking up Much WHY "I am pulling out myhair" Elijah Savage (Oct 13)
- Message not available
- RE: Not Picking up Much WHY "I am pulling out myhair" esavage (Oct 13)
- RE: Not Picking up Much WHY "I am pulling out myhair" esavage (Oct 13)
- RE: Not Picking up Much WHY "I am pulling out myhair" esavage (Oct 13)
- Message not available