[Snort-users] Firewalls on IDS

Robert Reid rreid at ...7835...
Wed Apr 9 22:24:01 EDT 2003


Any filtering set in TCP/IP advanced properties will apply to all interfaces
on the machine. A better, albeit more complex solution is to use IPSEC
filtering as a firewall of sorts. IPSEC rules can be applied per interface
to allow and disallow various kinds of traffic from defined networks.

-----Original Message-----
From: Brian Laing [mailto:Brian.Laing at ...8609...] 
Sent: Wednesday, April 09, 2003 8:44 PM
To: snort-users at lists.sourceforge.net
Subject: RE: [Snort-users] Firewalls on IDS



Tom,
	You don't need to install a firewall you can use windows normal TCP
security to deny access by port and ip addresss. This is there by default so
you wont have to install anything just goto TCP settings under advanced.
You should be able to find it.

Brian

-------------------------------------------------------------------
Brian Laing
CTO
Blade Software
Cellphone: +1 650.280.2389
Telephone: +1 650 367.9376
eFax: +1 208.575.1374
Blade Software - Because Real Attacks Hurt http://www.Blade-Software.com
-------------------------------------------------------------------



-----Original Message-----
From: snort-users-admin at lists.sourceforge.net
[mailto:snort-users-admin at lists.sourceforge.net] On Behalf Of Tom Culpepper
Sent: Wednesday, April 09, 2003 11:12 AM
To: snort-users at lists.sourceforge.net
Subject: [Snort-users] Firewalls on IDS


I am currently running 2 NICS in my IDS machine, one for sniffing, one 
for access.  I need to know if there is any way to install a local 
firewall on the machine.  I have removed stealthed the port and have a 
recive only cable on the sniffer NIC.  The other nic is running 
normally, but needs some restriction to be safe.  I am running all of 
this on a windows 2k machine.

-tom



-------------------------------------------------------
This SF.net email is sponsored by: Etnus, makers of TotalView, The debugger 
for complex code. Debugging C/C++ programs can leave you feeling lost and 
disoriented. TotalView can help you find your way. Available on major UNIX 
and Linux platforms. Try it free. www.etnus.com
_______________________________________________
Snort-users mailing list
Snort-users at lists.sourceforge.net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users



-------------------------------------------------------
This SF.net email is sponsored by: Etnus, makers of TotalView, The debugger 
for complex code. Debugging C/C++ programs can leave you feeling lost and 
disoriented. TotalView can help you find your way. Available on major UNIX 
and Linux platforms. Try it free. www.etnus.com
_______________________________________________
Snort-users mailing list
Snort-users at lists.sourceforge.net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users




More information about the Snort-users mailing list