Re: Snort & iptables on the same box
From: Michael Boman (michael.boman_at_gmail.com)
Date: 06/13/05
- Previous message: H B: "Evaluating various NIPS"
- In reply to: Jean-Pierre Denis: "Snort & iptables on the same box"
- Next in thread: snort user: "Re: Snort & iptables on the same box"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Mon, 13 Jun 2005 13:58:44 +0800 To: Jean-Pierre Denis <jp@webglobe.ca>
On 6/11/05, Jean-Pierre Denis <jp@webglobe.ca> wrote:
> Hi,
>
>
> When running snort and iptables on the same box, which of the 2 act first ?
>
> Those it go thru snort and then the iptable rule allow or deny the
> connection
> or it's the other way around
Neither. Snort gets a copy of the packets from the kernel via libpcap
and it doesn't matter what iptables rules you may have enabled. The
only thing iptables have to do with snort is if you use the inline
mode (make snort an IPS) and rules that effects Snort's reporting
modules (database access etc).
Best regards
Michael Boman
-- A: Maybe because some people are too annoyed by top-posting. Q: Why do I not get an answer to my question(s)? A: Because it messes up the order in which people normally read text. Q: Why is top-posting such a bad thing? -------------------------------------------------------------------------- Test Your IDS Is your IDS deployed correctly? Find out quickly and easily by testing it with real-world attacks from CORE IMPACT. Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708 to learn more. --------------------------------------------------------------------------
- Previous message: H B: "Evaluating various NIPS"
- In reply to: Jean-Pierre Denis: "Snort & iptables on the same box"
- Next in thread: snort user: "Re: Snort & iptables on the same box"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
