locking down snort

From: blaqb0x (blaqb0x_at_netscape.net)
Date: 06/24/04


Date: 24 Jun 2004 13:34:15 -0700

Hi,

 I have some machines running snort. I'd like to restrict ssh/http
and other access to them. However, I'm not sure if in doing so, would
snort not 'grab' and analyze traffic hitting those ports. I guess I'm
asking:

- if I blocked those ports from the outside world with IPTABLES would I
still detect, say, a port scan on those ports?

- Who captures the packets first: Firewall(IPTABLES) or SNORT?

Thanks,


