[Snort-users] combination of snort & ipchains

Avleen Vig avleen at ...396...
Tue Jan 16 10:56:35 EST 2001


It IS possible to do this by setting up VLANs on your network interface.
Have SNORT sit on the first VLAN, and have it route all packets to the
second VLAN.


----- Original Message -----
From: "Philipp Snizek" <mailinglists at ...1153...>
To: <snort-users at lists.sourceforge.net>
Sent: Tuesday, January 16, 2001 3:18 PM
Subject: [Snort-users] combination of snort & ipchains


> Dear list members,
>
> If I do a portscan using nmap, my ipchains log the scan with a lot of DENY
> messages. But Snort does not log anything. If something occurs that is
> allowed by ipchains (e.g. ping-pong), it is logged by snort.
>
> Since I'm new to IDS, do I only have to control ports that are left open by
> the packet filter, or is it possible to have Snort controlling all (1 -
> 65535) ports BEFORE packets hit the deny rules of ipchains?
>
> TIA
> Philipp
