Snort mailing list archives
RE: snort and firewall all in one machine
From: "Harper, Patrick" <patrick.harper () phns com>
Date: Thu, 13 May 2004 09:38:00 -0500
You need to have snort listening on your inside interface. It uses libpcap so it see's traffic at the same time as the firewall. -----Original Message----- From: Peggy Kam [mailto:ppkam () n-dsi com] Sent: Thursday, May 13, 2004 7:52 AM To: snort-users () lists sourceforge net Subject: [Snort-users] snort and firewall all in one machine Hi, I am currently running the firewall and snort within the same machine; and snort is having its detections before firewall blocks the packets. I would like to use snort to test if my firewall actually blocks the packets launched by attackers. Would anyone give me some advice on how I could configure IDS to do its detections after the firewall blocks the packets by its rules? Thanks in advance, Peggy ------------------------------------------------------- This SF.Net email is sponsored by: SourceForge.net Broadband Sign-up now for SourceForge Broadband and get the fastest 6.0/768 connection for only $19.95/mo for the first 3 months! http://ads.osdn.com/?ad_id=2562&alloc_id=6184&op=click _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users Disclaimer: This electronic message, including any attachments, is confidential and intended solely for use of the intended recipient(s). This message may contain information that is privileged or otherwise protected from disclosure by applicable law. Any unauthorized disclosure, dissemination, use or reproduction is strictly prohibited. If you have received this message in error, please delete it and notify the sender immediately. ------------------------------------------------------- This SF.Net email is sponsored by: SourceForge.net Broadband Sign-up now for SourceForge Broadband and get the fastest 6.0/768 connection for only $19.95/mo for the first 3 months! http://ads.osdn.com/?ad_id%62&alloc_ida84&op=click _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- RE: snort and firewall all in one machine Harper, Patrick (May 13)
- Re: snort and firewall all in one machine Peggy Kam (May 13)