Security Basics mailing list archives
locking down snort
From: "Jose Guevarra" <jose () iquest ucsb edu>
Date: Thu, 24 Jun 2004 10:28:43 -0700
Hi, I have some machines running snort. I'd like to restrict ssh/http and other access to them. However, I'm not sure if in doing so, would snort not 'grab' and analyze traffic hitting those ports. I guess I'm asking - if I blocked those ports from the outside world would I still detect say a port scan on those ports? - Who captures the packets first: Firewall(IPTABLES) or SNORT? Thanks, --------------------------------------------------------------------------- Ethical Hacking at the InfoSec Institute. Mention this ad and get $545 off any course! All of our class sizes are guaranteed to be 10 students or less to facilitate one-on-one interaction with one of our expert instructors. Attend a course taught by an expert instructor with years of in-the-field pen testing experience in our state of the art hacking lab. Master the skills of an Ethical Hacker to better assess the security of your organization. Visit us at: http://www.infosecinstitute.com/courses/ethical_hacking_training.html ----------------------------------------------------------------------------
Current thread:
- locking down snort Jose Guevarra (Jun 25)
- Re: locking down snort Nasir Ghaznavi (Jun 28)
- Re: locking down snort Nelson Santos (Jun 28)
- <Possible follow-ups>
- Locking down Snort Carey Myers (Jun 28)
- Re: Locking down Snort Nelson Santos (Jun 29)
- RE: locking down snort Andrew Shore (Jun 28)