[Snort-users] snort behind firewall ??

Andre Goeree abgoeree at ...1945...
Tue May 1 03:10:28 EDT 2001


On Mon, Apr 30, 2001 at 11:12:43AM -0700, Josh Oshiro wrote:
>
> It is up in the air right now wether or not snort can see packets before
> the firewall drop them. It seems  it is system dependant. I would like
> to take a poll of who can snort through there firewall and who can't.
> We'll need to know what kernal you are using, how it's configured, what
> firewall your using, how it's configures, and what os your using.
> 

Hello,

I'm snorting through my packet filter on:

OS: FreeBSD 4.3-STABLE #0: Thu Apr 26 22:51:58 CEST 2001
    kernel options:
	   IPFILTER
	   IPFILTER_LOG

FW: IP Filter: v3.4.16
    FW config:
       only connections to outside are permitted (stateful)
       anything coming in is blocked

Snort is listening on the outside device: tun0 (user ppp)

So far i have successfully picked up portscans while testing the
firewall. 

--Andre.




More information about the Snort-users mailing list