[Snort-users] snort behind firewall ??
martijn at ...1873...
Tue May 1 18:10:37 EDT 2001
I'm not seeing packets that are stopped by the firewall... So, in effect
I'm seeing a lot of traffic on the internal interface and barely any on
pentium-1 233MHz, 128Mb SDRAM
Linux RedHat 6.2 with all updates applied...
kernel 2.2.16-3 (I don't know how it's configured... standard redhat
kernel from rpm package)
firewall: ipchains 1.3.9-5 (using a ruleset from
http://linux-firewall-tools.com/linux/firewall/index.html but customized)
Also running portsentry 1.0-9 in stealth tcp/udp mode.
External interface is a 3com 3c509
Internal interface is a Realtek NE2000 compatible
I'm running snort with:
/usr/sbin/snort -u snort -g snort -s -d -D -l /var/log/snort -i $INTERFACE -c /etc/snort/snort.conf
When running ifconfig no interfaces seem to be in promiscuous mode... Is
If any more info is needed, let me know... I'll be glad to help...
I didn't know snort was supposed to see these packets until this was
brought up on the list.
Hope this helps,
M. Heemels | Yoda of Borg are we.
Eindhoven, NL | Futile is resistance.
martijn at ...1736... | Assimilate you, we will.
*** encrypt for secure email ***
> It is up in the air right now whether or not snort can see packets before
> the firewall drops them. It seems it is system dependent. I would like
> to take a poll of who can snort through their firewall and who can't.
> We'll need to know what kernel you are using, how it's configured, what
> firewall you're using, how it's configured, and what OS you're using.