Re: Snort & iptables on the same box
From: Michael Boman (michael.boman_at_gmail.com)
Date: 06/15/05
- Previous message: Kohlenberg, Toby: "RE: on NIDS/NIPS tuning"
- In reply to: Will Metcalf: "Re: Snort & iptables on the same box"
- Next in thread: Joachim Schipper: "Re: Snort & iptables on the same box"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Wed, 15 Jun 2005 06:43:53 +0800 To: focus-ids@securityfocus.com
On 6/14/05, Will Metcalf <william.metcalf@gmail.com> wrote:
> snort rely's on the QUEUE target in iptables to receive its data.
Only in inline (IPS) mode. As an IDS it uses libpcap to recieve data
and doesn't care what firewall rules you have in place.
Best regards
Michael Boman
-- A: Maybe because some people are too annoyed by top-posting. Q: Why do I not get an answer to my question(s)? A: Because it messes up the order in which people normally read text. Q: Why is top-posting such a bad thing? -------------------------------------------------------------------------- Test Your IDS Is your IDS deployed correctly? Find out quickly and easily by testing it with real-world attacks from CORE IMPACT. Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708 to learn more. --------------------------------------------------------------------------
- Previous message: Kohlenberg, Toby: "RE: on NIDS/NIPS tuning"
- In reply to: Will Metcalf: "Re: Snort & iptables on the same box"
- Next in thread: Joachim Schipper: "Re: Snort & iptables on the same box"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
