Re: flow of packet from iptable to snort_inline

From: Will Metcalf (william.metcalf_at_gmail.com)
Date: 05/16/05

    Date: Mon, 16 May 2005 14:48:25 -0500
    To: saurabha@future.futsoft.com
    
    

    iptables will send whatever you tell it to the QUEUE target.

    Regards,

    Will

    On 5/14/05, saurabha <saurabha@future.futsoft.com> wrote:
    > Hi,
    >
    > I have a query about the flow of packets from iptables to snort_inline.
    >
    > Problem description:
    > -------------------
    > Assuming that iptables has filters to allow TCP packets, now since
    > the incoming packets (TCP) are permitted, iptables will maintain
    > session information in the stateful inspection table.
    >
    > I want to know if iptables sends all incoming packets to snort_inline
    > or if it sends only the first few packets.
    >
    > In the case of TCP, does iptables send packets only until the 3-way
    > handshake is done (before the entry is made in the stateful table), or
    > does it send all packets for that connection to snort_inline?
    >
    > Thanks & Regards
    > Saurabh Agrawal
    >
    > ***************************************************************************
    > This message is proprietary to Future Software Limited (FSL)
    > and is intended solely for the use of the individual to whom it
    > is addressed. It may contain privileged or confidential information
    > and should not be circulated or used for any purpose other than for
    > what it is intended.
    >
    > If you have received this message in error, please notify the
    > originator immediately. If you are not the intended recipient,
    > you are notified that you are strictly prohibited from using,
    > copying, altering, or disclosing the contents of this message.
    > FSL accepts no responsibility for loss or damage arising from
    > the use of the information transmitted by this email including
    > damage from virus.
    > ***************************************************************************
    >
    > --------------------------------------------------------------------------
    > Test Your IDS
    >
    > Is your IDS deployed correctly?
    > Find out quickly and easily by testing it with real-world attacks from
    > CORE IMPACT.
    > Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708
    > to learn more.
    > --------------------------------------------------------------------------
    >
    >
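
Which packets of a connection reach snort_inline depends on where the QUEUE rule sits relative to any stateful ACCEPT rule, and the Python sketch below models that first-match behaviour for one forwarded TCP connection. It is an added example, not part of the original thread or of iptables or snort_inline. The two rulesets, the packet list and the helper names are constructed for illustration, and only a small subset of rule syntax (-p, -m state --state, -j) is handled.

```python
# Added example: simplified model of first-match traversal of one iptables chain.
# Rulesets and packets below are constructed; helper names are hypothetical.
import shlex

# Packets of one forwarded TCP connection and the conntrack state of each:
# the first SYN is NEW; once traffic has been seen in both directions every
# later packet, including the SYN/ACK, is ESTABLISHED.
CONNECTION = [
    ("SYN", "NEW"), ("SYN/ACK", "ESTABLISHED"), ("ACK", "ESTABLISHED"),
    ("PSH/ACK data", "ESTABLISHED"), ("FIN/ACK", "ESTABLISHED"),
]

def parse_rule(line):
    """Turn '-A FORWARD -p tcp -m state --state NEW -j QUEUE' into a dict."""
    tok = shlex.split(line)
    rule = {"proto": None, "states": None, "target": None}
    for i, t in enumerate(tok):
        if t == "-p":
            rule["proto"] = tok[i + 1]
        elif t == "--state":
            rule["states"] = set(tok[i + 1].split(","))
        elif t == "-j":
            rule["target"] = tok[i + 1]
    return rule

def verdict(rules, state, proto="tcp", policy="DROP"):
    """The first matching rule decides; otherwise the chain policy applies."""
    for r in rules:
        if r["proto"] not in (None, proto):
            continue
        if r["states"] is not None and state not in r["states"]:
            continue
        return r["target"]
    return policy

def queued_packets(ruleset):
    """Names of the connection's packets that are handed to the QUEUE target."""
    rules = [parse_rule(l) for l in ruleset.strip().splitlines()]
    return [name for name, state in CONNECTION if verdict(rules, state) == "QUEUE"]

# Ruleset 1: every TCP packet is queued, so snort_inline sees the whole stream.
QUEUE_ALL = "-A FORWARD -p tcp -j QUEUE"
# Ruleset 2: a stateful ACCEPT placed first matches before the QUEUE rule.
ACCEPT_FIRST = """
-A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -p tcp -j QUEUE
"""

if __name__ == "__main__":
    for label, rs in (("queue-all", QUEUE_ALL), ("accept-first", ACCEPT_FIRST)):
        print(label, "->", queued_packets(rs))
```

With the stateful ACCEPT rule ahead of the QUEUE rule, only the initial SYN is queued and the payload-carrying packets never reach the inline sensor.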


