Snort mailing list archives
RE: Preventing Attacks
From: "Snort" <listsnort () in-tuition co uk>
Date: Mon, 1 Jul 2002 17:36:18 +0100
Although my experience is still back on ipchains, the answer in that case is that -- when snort and ipchains are on the same box -- snort sees everything that ipchains sees. Not what's left over, but *everything*. I have not heard anything to the contrary about iptables, again, when snort and iptables *are on the same box* (I emphasize that because invariably this sort of discussion gets garbled by people who are running snort on a *different box* than the ipchains/iptables box. Then snort only sees what ip[chains|tables] has passed.)
Just to confirm that this is indeed correct. Regardless of what rules are in iptables, Snort will still see the traffic.

Matt.