[Snort-users] combination of snort & ipchains
fygrave at ...121...
Wed Jan 17 13:32:47 EST 2001
On Tue, Jan 16, 2001 at 10:00:47PM +0000, andy lowton wrote:
> >>>>> On Tue, 16 Jan 2001, "Avleen" == Avleen Vig wrote:
> Avleen> Fyodor: Same things happens on FreeBSD with IPF. If IPF blocks /
> Avleen> drops a packet, SNORT cannot pick it up :( Read my last mail about
> Avleen> VLANs which I'm going to try next
> Interesting, I run IPF and Snort on the same interface under OpenBSD and Snort
> picks everything up whatever IPF does.
> Maybe the original poster is doing his tests from a network that Snort doesn't
> consider to be 'external' and the rules are configured to look for external->
That is the only scenario I could think of, we read data off the datalink, ipf/ipchains shouldn't
interfere with it, everything that is on the wire we should be able to see.
More information about the Snort-users