[Snort-users] Snort on Checkpoint Firewall-1
ofir at ...949...
Fri Oct 19 17:31:09 EDT 2001
Some info you asked for.
Checkpoint module gets installed just after the link-layer. This means
it gets to deal with traffic before layer 3 does (IP).
On another note, if I am you I would not run snort on the same box as my
Firewall. Install your firewall on a dedicated box always. You certainly
do not wish to have surprises.
This is just my 2c
Ofir Arkin [ofir at ...949...]
The Sys-Security Group
PGP CC2C BE53 12C6 C9F2 87B1 B8C6 0DFA CF2D D360 43FA
From: snort-users-admin at lists.sourceforge.net
[mailto:snort-users-admin at lists.sourceforge.net] On Behalf Of Dresen,
Sent: ו 19 אוקטובר 2001 22:55
To: snort-users at lists.sourceforge.net
Subject: [Snort-users] Snort on Checkpoint Firewall-1
I'm running Snort v1.8.1 on the same Linux box that I'm running a
Checkpoint Firewall-1 firewall. However, my snort logs are not showing
any activity. When I ran Snort with IPTables, I saw plenty of activity.
I'm wondering if anyone knows whether or not Checkpoint runs at a higher
priority on Linux and therefore blocks packets before Snort has a chance
to analyze them?
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Snort-users