[Snort-users] Wrappers

Chris Green cmg at ...671...
Tue Nov 6 11:40:12 EST 2001


"snortlst snortlst" <snortlst at ...125...> writes:

> On which layer snort inspects incoming traffic? If it inspects it before
> tcp/ip (like checkpoint firewall) then can I use tcp wrappers and deny all
> traffic in tcp wrappers in order to secure linux machine?

It sniffs in promiscous mode so it can see traffic with no interaction
with the native tcp/ip stack  ( other than where it overlaps with BPF
).

Yes.  Using TCP wrappers will not affect snort.

>  thx.

-- 
Chris Green <cmg at ...671...>
A good pun is its own reword.




More information about the Snort-users mailing list