[Snort-users] combination of snort & ipchains
avleen at ...396...
Tue Jan 16 11:08:26 EST 2001
> On Tue, Jan 16, 2001 at 04:18:04PM +0100, Philipp Snizek wrote:
> > Dear list members,
> > If I do a portscan using nmap, my ipchains log the scan with a lot of
> > messages. But Snort does not log anything. If something occurs that is
> > allowed by ipchains (e.g. ping-pong), it is logged by snort.
> > Since I'm new to IDS, do I only have to control ports that are left open
> > by the packet filter, or is it possible to have Snort controlling all (1 -
> > 65535) ports BEFORE packets hit the deny rules of ipchains?
> hmm.. maybe new linux kernel `feature`(?), what libpcap/linux kernel
> version you're using?
Same thing happens on FreeBSD with IPF.
If IPF blocks / drops a packet, SNORT cannot pick it up :(
Read my last mail about VLANs which I'm going to try next
Av - aka singh