[Snort-users] Firewalls on IDS

Brian Laing Brian.Laing at ...8609...
Thu Apr 10 09:45:06 EDT 2003


Just checked it and on both 2000 and xp it only seems to apply to an
interface, I will have to test further to validate nothing funny going
on.

-------------------------------------------------------------------
Brian Laing
CTO
Blade Software
Cellphone: +1 650.280.2389
Telephone: +1 650 367.9376
eFax: +1 208.575.1374
Blade Software - Because Real Attacks Hurt
http://www.Blade-Software.com
-------------------------------------------------------------------



-----Original Message-----
From: snort-users-admin at lists.sourceforge.net
[mailto:snort-users-admin at lists.sourceforge.net] On Behalf Of Robert
Reid
Sent: Wednesday, April 09, 2003 10:23 PM
To: 'snort-users at lists.sourceforge.net'
Subject: RE: [Snort-users] Firewalls on IDS


Any filtering set in TCP/IP advanced properties will apply to all
interfaces on the machine. A better, albeit more complex solution is to
use IPSEC filtering as a firewall of sorts. IPSEC rules can be applied
per interface to allow and disallow various kinds of traffic from
defined networks.

-----Original Message-----
From: Brian Laing [mailto:Brian.Laing at ...8609...] 
Sent: Wednesday, April 09, 2003 8:44 PM
To: snort-users at lists.sourceforge.net
Subject: RE: [Snort-users] Firewalls on IDS



Tom,
	You don't need to install a firewall you can use windows normal
TCP security to deny access by port and ip addresss. This is there by
default so you wont have to install anything just goto TCP settings
under advanced. You should be able to find it.

Brian

-------------------------------------------------------------------
Brian Laing
CTO
Blade Software
Cellphone: +1 650.280.2389
Telephone: +1 650 367.9376
eFax: +1 208.575.1374
Blade Software - Because Real Attacks Hurt http://www.Blade-Software.com
-------------------------------------------------------------------



-----Original Message-----
From: snort-users-admin at lists.sourceforge.net
[mailto:snort-users-admin at lists.sourceforge.net] On Behalf Of Tom
Culpepper
Sent: Wednesday, April 09, 2003 11:12 AM
To: snort-users at lists.sourceforge.net
Subject: [Snort-users] Firewalls on IDS


I am currently running 2 NICS in my IDS machine, one for sniffing, one 
for access.  I need to know if there is any way to install a local 
firewall on the machine.  I have removed stealthed the port and have a 
recive only cable on the sniffer NIC.  The other nic is running 
normally, but needs some restriction to be safe.  I am running all of 
this on a windows 2k machine.

-tom



-------------------------------------------------------
This SF.net email is sponsored by: Etnus, makers of TotalView, The
debugger 
for complex code. Debugging C/C++ programs can leave you feeling lost
and 
disoriented. TotalView can help you find your way. Available on major
UNIX 
and Linux platforms. Try it free. www.etnus.com
_______________________________________________
Snort-users mailing list
Snort-users at lists.sourceforge.net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users



-------------------------------------------------------
This SF.net email is sponsored by: Etnus, makers of TotalView, The
debugger 
for complex code. Debugging C/C++ programs can leave you feeling lost
and 
disoriented. TotalView can help you find your way. Available on major
UNIX 
and Linux platforms. Try it free. www.etnus.com
_______________________________________________
Snort-users mailing list
Snort-users at lists.sourceforge.net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users


-------------------------------------------------------
This SF.net email is sponsored by: Etnus, makers of TotalView, The
debugger 
for complex code. Debugging C/C++ programs can leave you feeling lost
and 
disoriented. TotalView can help you find your way. Available on major
UNIX 
and Linux platforms. Try it free. www.etnus.com
_______________________________________________
Snort-users mailing list
Snort-users at lists.sourceforge.net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users





More information about the Snort-users mailing list