[Snort-users] running snort on webserver
dotslash at ...1760...
Tue Apr 24 06:58:29 EDT 2001
ouch. i too am in the same situation where i can't afford a separate snort
box. i have ipfilter and snort on the same machine.
my findings are that snort will not be sensing much if it's behind a
firewall since the firewall will be dropping the sessions snort is supposed
to scan. however, i read somewhere that with egress filtering i could get
snort do it's job even if it's behind a firewall. i'm still looking for how
to do it.
----- Original Message -----
From: "Simon Frohn" <sf at ...1883...>
To: <snort-users at lists.sourceforge.net>
Sent: Tuesday, April 24, 2001 2:32 PM
Subject: [Snort-users] running snort on webserver
> at the moment I am using ipchains to
> block everything except ftp, http and ssh
> on a webserver.
> Nevertheless I would like getting informend
> about break-in attempts, scans and dos-attacks
> especially those using the http-service.
> Would you recommend putting snort on
> the same machine the webserver is running?
> I do not have the possibility to set up
> a special snort server ...
> Or is it safer to rely on ip-firewalling and not
> to scan http-traffic?
> Snort-users mailing list
> Snort-users at lists.sourceforge.net
> Go to this URL to change user options or unsubscribe:
> Snort-users list archive:
More information about the Snort-users