flow of packet from iptable to snort_inline

From: saurabha (saurabha_at_future.futsoft.com)
Date: 05/14/05

    To: <focus-ids@securityfocus.com>
    Date: Sat, 14 May 2005 18:29:57 +0530
    
    

    Hi,

    I have a query about the flow of packets from iptables to snort_inline.

    Problem description:
    -------------------
    Assuming that iptables has filters to allow TCP packets, now since
    the incoming packets (TCP) are permitted, iptables will maintain
    session information in the stateful inspection table.

    I want to know whether iptables sends all incoming packets to snort_inline
    or only the first few packets.

    In the case of TCP, does iptables send packets only until the 3-way handshake
    is done (before an entry is made in the stateful table), or does it send all
    packets for that connection to snort_inline?

    Thanks & Regards
    Saurabh Agrawal
