[Snort-users] snort behind firewall ??
abgoeree at ...1945...
Tue May 1 03:10:28 EDT 2001
On Mon, Apr 30, 2001 at 11:12:43AM -0700, Josh Oshiro wrote:
> It is up in the air right now wether or not snort can see packets before
> the firewall drop them. It seems it is system dependant. I would like
> to take a poll of who can snort through there firewall and who can't.
> We'll need to know what kernal you are using, how it's configured, what
> firewall your using, how it's configures, and what os your using.
I'm snorting through my packet filter on:
OS: FreeBSD 4.3-STABLE #0: Thu Apr 26 22:51:58 CEST 2001
FW: IP Filter: v3.4.16
only connections to outside are permitted (stateful)
anything coming in is blocked
Snort is listening on the outside device: tun0 (user ppp)
So far i have successfully picked up portscans while testing the
More information about the Snort-users