[Snort-users] Preventing Attacks

Jeff Taylor jeff at ...6176...
Thu Jun 27 07:58:04 EDT 2002


To clarify, I want to put Snort listening after the IPtables (linux
2.4.16) REJECT and DENY rules block from the external net.  To repeat,
this is all on one host, adding extra NICs, hosts, hardware, etc. is
not part of the answer I am looking for.

I am looking at Snort as a more sophisticated replacement for
Portsentry.  It does not tell my about attacks that are stopped by
IPtables, only about ones that get thru.  It is mildly interesting to
see what attacks are being thrown at my box.  What I want to know is
what attacks are penetrating the IPtables packet filter.

TIA,
  Jeffrey

Quoting Jeffrey Taylor <jeff at ...6176...>:
> Is it possible to have Snort listen inside the firewall?  This is on a
> one host set up.  I would like to see what is getting thru the
> firewall, not what is thrown at the firewall.
> 
> TIA,
>   Jeffrey




More information about the Snort-users mailing list