[Snort-users] Where does Snort sit...
jsage at ...2022...
Sun May 13 04:00:33 EDT 2001
...as it were, in relation to ppp0 and ipchains?
As I understand it, now I've got:
| firewall box |
Internet <---> ppp0 <-> ipchains <-> portsentry <-> eth0 <---> LAN
Does Snort sit between ppp0 and ipchains (which is what I hope..) or is
it after ipchains and thus is going to see only the stuff that ipchains
Or does Snort get to the packets before ipchains does?
What I hope to do is more detailed probe analysis via Snort, and if it's
behind ipchains I may have to open up my rules a little :-0
FinchHaven, Vashon Island, WA, USA
mailto:jsage at ...2022...
And remember: it's spelled l-i-n-u-x, but it's pronounced "Linux"
More information about the Snort-users