re: Snort question
From: b. mac (aph3x@linuxmail.org)
Date: 09/29/01
Message-ID: <20010929005005.2941.qmail@linuxmail.org>
From: "b. mac" <aph3x@linuxmail.org>
To: SECURITY-BASICS@securityfocus.com
Date: Fri, 28 Sep 2001 20:50:05 -0400
Subject: re: Snort question

from the test i ran, yes it does... however, i think it depends on which machine snort is running and which machine the firewall software is running on.
my slack box is set up to masquerade my LAN as a firewall/gateway using netfilter. i installed snort on this same machine for the test. i then ssh'd to a remote shell account and tried to telnet back into my network, which netfilter DROPs by default. snort picked up all incoming TCP packets, as did netfilter.
if snort was running on a machine other than the firewall/gateway, such as an internal host, i don't believe it would pick up the packets, as they would never be routed to the internal host.
anyone have an idea as to what might happen if the packets were REJECT'd instead of DROP'd?
cheers