[Snort-users] snort and firewall all in one machine

Peggy Kam ppkam at ...11126...
Thu May 13 07:56:01 EDT 2004


I have already set up snort to monitor the external and internal 
interfaces.  I have already opened my firewall and I already have the 
ips for int and ext interfaces under homenet, however, I could only see 
the packets coming in from the ext. interface, nothing was seen in the 
internal interface.  Please advice.

Thanks,
Peggy

Harper, Patrick wrote:

>You need to have snort listening on your inside interface.  It uses
>libpcap so it see's traffic at the same time as the firewall.
>
>
>-----Original Message-----
>From: Peggy Kam [mailto:ppkam at ...11126...] 
>Sent: Thursday, May 13, 2004 7:52 AM
>To: snort-users at lists.sourceforge.net
>Subject: [Snort-users] snort and firewall all in one machine
>
>Hi,
>
>I am currently running the firewall and snort within the same machine;
>and snort is having its detections before firewall blocks the packets.  
>I would like to use snort to test if my firewall actually blocks the
>packets launched by attackers.  Would anyone give me some advice on how
>I could configure IDS to do its detections after the firewall blocks the
>packets by its rules?
>
>Thanks in advance,
>Peggy
>
>
>
>-------------------------------------------------------
>This SF.Net email is sponsored by: SourceForge.net Broadband Sign-up now
>for SourceForge Broadband and get the fastest
>6.0/768 connection for only $19.95/mo for the first 3 months!
>http://ads.osdn.com/?ad_id=2562&alloc_id=6184&op=click
>_______________________________________________
>Snort-users mailing list
>Snort-users at lists.sourceforge.net
>Go to this URL to change user options or unsubscribe:
>https://lists.sourceforge.net/lists/listinfo/snort-users
>Snort-users list archive:
>http://www.geocrawler.com/redir-sf.php3?list=snort-users
>
>
>
>
>
>
>Disclaimer:
>This electronic message, including any attachments, is confidential and intended solely for use of the intended recipient(s). This message may contain information that is privileged or otherwise protected from disclosure by applicable law. Any unauthorized disclosure, dissemination, use or reproduction is strictly prohibited. If you have received this message in error, please delete it and notify the sender immediately. 
>
>
>
>  
>





More information about the Snort-users mailing list