Snort mailing list archives

RE: Preventing Attacks


From: "Snort" <listsnort () in-tuition co uk>
Date: Mon, 1 Jul 2002 17:36:18 +0100

Although my experience is still back on ipchains, the answer in that
case is that -- when snort and ipchains are on the same box -- snort
sees everything that ipchains sees.

Not what's left over, but *everything*..

I have not heard anything to the contrary about iptables, again, when
snort and iptables *are on the same box*

(I emphasize that because invariably this sort of discussion gets
garbled by people who are running snort on a *different box* than the
ipchains/iptables box. Then snort only sees what ip[chains|tables] has
passed..)

Just to confirm that this is indeed correct. Regardless of what rules are in
iptables, Snort will still see the traffic.

Matt.

