[Snort-users] Where does Snort sit...

John Sage jsage at ...2022...
Sun May 13 04:00:33 EDT 2001


...as it were, in relation to ppp0 and ipchains?

As I understand it, now I've got:

                _________________________________________
               |              firewall box               |

Internet <---> ppp0 <-> ipchains <-> portsentry <-> eth0 <---> LAN


Does Snort sit between ppp0 and ipchains (which is what I hope..) or is 
it after ipchains and thus is going to see only the stuff that ipchains 
lets it?

Or does Snort get to the packets before ipchains does?

What I hope to do is more detailed probe analysis via Snort, and if it's 
behind ipchains I may have to open up my rules a little :-0

TIA..

- John

--
John Sage
FinchHaven, Vashon Island, WA, USA
http://www.finchhaven.com/
mailto:jsage at ...2022...
And remember: it's spelled l-i-n-u-x, but it's pronounced "Linux"




