[Snort-users] snort behind firewall ??

./ dotslash at ...1760...
Sun Apr 29 04:31:09 EDT 2001


>What I've done is to run two instances of snort on the box. One listens on
>the outside xl0 interface, the other listens on xl1. That way I see what's
>coming in. Snort does see things in the tcp stream, but I've never been
able
>to determine if its seeing things that are blocked by the firewall. It
>definitely sees port scans, which tells me it probably does, but I like to
be
>absolutely positive.

>Rob

still the question remains as to how to protect the snort box.  i too have
also verified that portscans are being seen by snort even with a firewall.
i'm just wondering why the binary-log-file doesn't contain anything during
the time when i was running the snort attack scripts.





More information about the Snort-users mailing list