[Snort-users] snort behind firewall - good?

dotslash dotslash at ...1760...
Mon Apr 23 03:39:21 EDT 2001


i only have one interface which both ipfilter and snort uses.  i'm not sure
about ipfilter though if it's in the kernel space (although i've compiled in
ipfilter support for my fbsd custom kernel).  maybe.

thanks to all those who replied.  i shall wait and see what happens now that
ipfilter and snort are up.


----- Original Message -----
From: "Jed Haile" <hailjt at ...1871...>
To: "dotslash" <dotslash at ...1760...>; "Snort"
<snort-users at lists.sourceforge.net>
Sent: Sunday, April 22, 2001 6:28 PM
Subject: Re: [Snort-users] snort behind firewall - good?


> This should work. I have never tried it.  If you're using ipchians or
> iptables, these live in kernal space, and libpcap will capture the packets
> before the firewall gets an opportunity to see them.
>
> I would prefer separate machines, but if you haven't got the resources
then
> this is better than nothing...
>
> Jed
>
>
>
> ----- Original Message -----
> From: "dotslash" <dotslash at ...1760...>
> To: "Snort" <snort-users at lists.sourceforge.net>
> Sent: Sunday, April 22, 2001 5:04 AM
> Subject: [Snort-users] snort behind firewall - good?
>
>
> > this maybe obvious to all of you but i just want to find out if it's
> > advisable to install a firewall in the same box as snort is installed.
> will
> > i be missing things if i do it this way like portscans and all that?
> >
> >
> > regards,
> >
> >
> > _______________________________________________
> > Snort-users mailing list
> > Snort-users at lists.sourceforge.net
> > Go to this URL to change user options or unsubscribe:
> > http://lists.sourceforge.net/lists/listinfo/snort-users
> > Snort-users list archive:
> > http://www.geocrawler.com/redir-sf.php3?list=snort-users
> >
>





More information about the Snort-users mailing list