Snort mailing list archives
iptables vs snort vs portsentry order
From: Sonia Hamilton <sonia () cat org au>
Date: Mon, 21 Apr 2003 13:59:58 +1000
In what order would packets traverse iptables, snort, & portsentry? I've printed and read both the FAQ & 'Snort Overview'; searching the archives I've found:
http://marc.theaimsgroup.com/?l=snort-users&m=104033416708534&w=2
Jacob Redding
Since iptables works with the kernel, and they are dropped by the kernel, iptables is first. All packets that make it past iptables are then passed to applications (I'm not talking layers, just an analogy), in this case snort.

http://marc.theaimsgroup.com/?l=snort-users&m=100164539612753&w=2
JSeddon
This seems to contradict the conclusion I got from the list archives. It seems that iptables is processing traffic before snort gets a chance to see it. Snort is putting the NIC in promiscuous mode. But it doesn't see traffic iptables is configured to block unless I flush the IPtables rules. Is something misconfigured with snort for me? Did I draw the wrong conclusion from the list?
So from these it would seem that iptables sees the packets before snort; how would portsentry fit in here?

--
Sonia | GNU/Linux - free as in 'free speech', | not 'free beer'.