[Snort-users] snort behind firewall ??

dotslash dotslash at ...1760...
Sat Apr 28 02:25:59 EDT 2001


so where and how should one install snort then?  if it's installed outside
the firewall and the snort box is not protected (by a firewall) then it
would get h4x0r right?



----- Original Message -----
From: "Steve Halligan" <agent33 at ...187...>
To: "'centipede'" <centiped at ...1832...>; "snort-users"
<snort-users at lists.sourceforge.net>
Sent: Friday, April 27, 2001 4:31 AM
Subject: RE: [Snort-users] snort behind firewall ??


> a ppp0 int is at layer2...so ipchains will block it and snort wont see it.
> If you had a ethernet int on the outside, pcap would be able to see the
> packets before ipchains blocked it.
>
> > Don't know, guys, really.
> > I run snort on the same linux machine I use ipchains.
> > I configured it to serve and protect my ppp0 interface.
> > Until today, it has alerted me of nothing but an ICMP scan, thanks to
> > ipchains.
> > The moment I remove ipchains, snort usually begins its barking.
> > And of course I heavily tested it with self initiated scannings.
> > My conclusion, and of course your remarks are more than
> > welcomed, is that
> >
> > snort  DO  NOT   see packets blocked by ipchains.
> >
>
> _______________________________________________
> Snort-users mailing list
> Snort-users at lists.sourceforge.net
> Go to this URL to change user options or unsubscribe:
> http://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://www.geocrawler.com/redir-sf.php3?list=snort-users





More information about the Snort-users mailing list