[Snort-users] combination of snort & ipchains
avleen at ...396...
Tue Jan 16 10:56:35 EST 2001
It IS possible to do this by setting up VLAN's on your network interface.
Have SNORT sit on the first VLAN, and have it route all packets to the
----- Original Message -----
From: "Philipp Snizek" <mailinglists at ...1153...>
To: <snort-users at lists.sourceforge.net>
Sent: Tuesday, January 16, 2001 3:18 PM
Subject: [Snort-users] combination of snort & ipchains
> Dear list members,
> If I do a portscan using nmap, my ipchains log the scan with a lot of DENY
> messages. But Snort does not log anything. If something occurs that is
> allowed by ipchains (e.g. ping-pong), it is logged by snort.
> Since I'm new to IDS, do I only have to control ports that are left open
> the packet filter, or is it possible to have Snort controlling all (1 -
> 65535) ports BEFORE packets hit the deny rules of ipchains?
> Snort-users mailing list
> Snort-users at lists.sourceforge.net
> Go to this URL to change user options or unsubscribe:
More information about the Snort-users