[Snort-users] snort behind firewall ??

./ dotslash at ...1760...
Sun Apr 29 04:31:09 EDT 2001

>What I've done is to run two instances of snort on the box. One listens on
>the outside xl0 interface, the other listens on xl1. That way I see what's
>coming in. Snort does see things in the tcp stream, but I've never been
>to determine if its seeing things that are blocked by the firewall. It
>definitely sees port scans, which tells me it probably does, but I like to
>absolutely positive.


still the question remains as to how to protect the snort box.  i too have
also verified that portscans are being seen by snort even with a firewall.
i'm just wondering why the binary-log-file doesn't contain anything during
the time when i was running the snort attack scripts.

More information about the Snort-users mailing list