Re: Snort question
From: Kath (kath@kathweb.net)Date: 09/27/01
- Previous message: Steve Tai: "IIS security defense"
- In reply to: Claudiu Ionescu: "Snort question"
- Next in thread: J Troy Piper: "Re: Snort question"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Message-ID: <001101c146f6$d45dc9e0$82e53181@resnet.sunysb.edu> From: "Kath" <kath@kathweb.net> To: "Claudiu Ionescu" <jones@rdsnet.ro>, "Security Basics" <SECURITY-BASICS@SECURITYFOCUS.COM> Subject: Re: Snort question Date: Wed, 26 Sep 2001 21:50:47 -0400
I don't believe so, because ipchains/tables works closer to the kernel level
and I think the packet would have to go through the kernel before being able
to go to the snort filters.
If you want to be logging ipchains/tables, add -l to the end to log things
that fit the rule (However, watch out on some rules, as you could get a huge
file to have to go through).
- k
----- Original Message -----
From: "Claudiu Ionescu" <jones@rdsnet.ro>
To: "Security Basics" <SECURITY-BASICS@SECURITYFOCUS.COM>
Sent: Wednesday, September 26, 2001 4:03 AM
Subject: Snort question
> Hi all,
> Premises: a Linux box with two NICs working as a router and packet
filtering
> device (ipchains or iptable) for a small network behind it. Snort
installed on
> it.
> Question: Would packets that are dropped by the filtering rules reach
snort?
> Please explain your answer. Thank you.
- Previous message: Steve Tai: "IIS security defense"
- In reply to: Claudiu Ionescu: "Snort question"
- Next in thread: J Troy Piper: "Re: Snort question"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
