[Snort-users] snort behind firewall ??

centipede centiped at ...1832...
Thu Apr 26 18:53:58 EDT 2001


Don't know, guys, really.
I run snort on the same linux machine I use ipchains.
I configured it to serve and protect my ppp0 interface.
Until today, it has alerted me of nothing but an ICMP scan, thanks to 
ipchains.
The moment I remove ipchains, snort usually begins its barking.
And of course I heavily tested it with self initiated scannings.
My conclusion, and of course your remarks are more than welcomed, is that

snort  DO  NOT   see packets blocked by ipchains.

centipede.


p.s - as I said, I'd be extremely happy of course if any of you could 
show me otherwise.





More information about the Snort-users mailing list