Snort mailing list archives
Re: snort-inline question
From: <seclists () violating us>
Date: Tue, 7 Oct 2003 08:39:35 -0500 (EST)
Harry: Using the normal non-inline version of snort, you still have access to packets on your wire even if iptables explicitly blocks traffic on that interface. I can send you specific (sanitized) logs and rules if you can't take my word for it. -jof
--On Tuesday, October 07, 2003 06:35:51 AM -0500 seclists () violating us wrote:I'm sure this will be asked or told to you a hundred times, but: If all you want snort to do is look at packets, why did you use snort-inline instead of snort? did you look at the docs at all? The whole point of using snort-inline is to use iptables. It's like ordering a cheeseburger and then complaining that it has cheese. Go get a hamburger...The point is, that snort does not see anything when iptables is restricting access to the machine. I want snort to look at all packages on the interface but iptables still to work as a stateful firewall and both at the same time is a little tricky. Harry ------------------------------------------------------- This sf.net email is sponsored by:ThinkGeek Welcome to geek heaven. http://thinkgeek.com/sf _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
------------------------------------------------------- This sf.net email is sponsored by:ThinkGeek Welcome to geek heaven. http://thinkgeek.com/sf _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- snort-inline question Harry Brueckner (Oct 07)
- Message not available
- Re: snort-inline question Harry Brueckner (Oct 07)
- Re: snort-inline question Guillaume Rix (Oct 07)
- Re: snort-inline question seclists (Oct 07)
- Message not available
- Re: snort-inline question Harry Brueckner (Oct 07)
- Re: snort-inline question Harry Brueckner (Oct 07)
- Message not available