[Snort-users] snort behind firewall ??
dotslash at ...1760...
Sat Apr 28 02:25:59 EDT 2001
so where and how should one install snort then? if it's installed outside
the firewall and the snort box is not protected (by a firewall) then it
would get h4x0r right?
----- Original Message -----
From: "Steve Halligan" <agent33 at ...187...>
To: "'centipede'" <centiped at ...1832...>; "snort-users"
<snort-users at lists.sourceforge.net>
Sent: Friday, April 27, 2001 4:31 AM
Subject: RE: [Snort-users] snort behind firewall ??
> a ppp0 int is at layer2...so ipchains will block it and snort wont see it.
> If you had a ethernet int on the outside, pcap would be able to see the
> packets before ipchains blocked it.
> > Don't know, guys, really.
> > I run snort on the same linux machine I use ipchains.
> > I configured it to serve and protect my ppp0 interface.
> > Until today, it has alerted me of nothing but an ICMP scan, thanks to
> > ipchains.
> > The moment I remove ipchains, snort usually begins its barking.
> > And of course I heavily tested it with self initiated scannings.
> > My conclusion, and of course your remarks are more than
> > welcomed, is that
> > snort DO NOT see packets blocked by ipchains.
> Snort-users mailing list
> Snort-users at lists.sourceforge.net
> Go to this URL to change user options or unsubscribe:
> Snort-users list archive:
More information about the Snort-users