cmg at ...671...
Tue Nov 6 11:40:12 EST 2001
"snortlst snortlst" <snortlst at ...125...> writes:
> On which layer snort inspects incoming traffic? If it inspects it before
> tcp/ip (like checkpoint firewall) then can I use tcp wrappers and deny all
> traffic in tcp wrappers in order to secure linux machine?
It sniffs in promiscous mode so it can see traffic with no interaction
with the native tcp/ip stack ( other than where it overlaps with BPF
Yes. Using TCP wrappers will not affect snort.
Chris Green <cmg at ...671...>
A good pun is its own reword.
More information about the Snort-users