[Snort-users] running snort on webserver

dotslash dotslash at ...1760...
Thu Apr 26 02:15:51 EDT 2001


alright. i'm rather new to firewalling although i've managed to block stuff
i don't want in my snort box successfully.  could you tell us just how would
one achieve what you're suggesting?  AFAIK, you can either block incoming
traffic or allow them in.  that's all.

appreciate response on this.


----- Original Message -----
From: "Jon Bentley" <jon at ...1741...>
To: "Josh Oshiro" <josh at ...155...>; "dotslash" <dotslash at ...1760...>
Cc: "Simon Frohn" <sf at ...1883...>; <snort-users at lists.sourceforge.net>
Sent: Thursday, April 26, 2001 3:56 AM
Subject: Re: [Snort-users] running snort on webserver


> Hey, guys.  The easiest way to make this happen is to
> forward all packets to a local loopback device, and then
> nat/filter off of that.  SNORT gets configured to view the
> packets on the loopback device, and you're in business.
>
> ----- Original Message -----
> From: "Josh Oshiro" <josh at ...155...>
> To: "dotslash" <dotslash at ...1760...>
> Cc: "Simon Frohn" <sf at ...1883...>; <snort-users at lists.sourceforge.net>
> Sent: Wednesday, April 25, 2001 7:29 PM
> Subject: Re: [Snort-users] running snort on webserver
>
>
> > dotslash wrote:
> > >
> > > ouch.  i too am in the same situation where i can't afford a separate snort
> > > box.  i have ipfilter and snort on the same machine.
> > >
> > > my findings are that snort will not be sensing much if it's behind a
> > > firewall since the firewall will be dropping the sessions snort is supposed
> > > to scan.  however, i read somewhere that with egress filtering i could get
> > > snort to do its job even if it's behind a firewall.  i'm still looking for how
> > > to do it.
> > >
> > > my 2cents.




