Security Basics mailing list archives

Re: locking down snort

From: Nasir Ghaznavi <nasirghaznavi () gmail com>
Date: Sun, 27 Jun 2004 05:26:52 +0500

If you are running snort on the same host then snort will be able to
see the traffic, it is below the firewall's influence and uses pcap,
doesnt bind to the ports, so it will be able to see the traffic.

Nasir Ghaznavi

On Thu, 24 Jun 2004 10:28:43 -0700, Jose Guevarra <jose () iquest ucsb edu> wrote:


Hi,

 I have some machines running snort.  I'd like to restrict ssh/http and
other access to them. However, I'm not sure if in doing so, would snort not
'grab' and analyze traffic hitting those ports.  I guess I'm asking

- if I blocked those ports from the outside world would I still detect say a
port scan on those ports?

- Who captures the packets first: Firewall(IPTABLES) or SNORT?

Thanks,

---------------------------------------------------------------------------
Ethical Hacking at the InfoSec Institute. Mention this ad and get $545 off
any course! All of our class sizes are guaranteed to be 10 students or less
to facilitate one-on-one interaction with one of our expert instructors.
Attend a course taught by an expert instructor with years of in-the-field
pen testing experience in our state of the art hacking lab. Master the skills
of an Ethical Hacker to better assess the security of your organization.
Visit us at:
http://www.infosecinstitute.com/courses/ethical_hacking_training.html
----------------------------------------------------------------------------


---------------------------------------------------------------------------
Ethical Hacking at the InfoSec Institute. Mention this ad and get $545 off 
any course! All of our class sizes are guaranteed to be 10 students or less 
to facilitate one-on-one interaction with one of our expert instructors. 
Attend a course taught by an expert instructor with years of in-the-field 
pen testing experience in our state of the art hacking lab. Master the skills 
of an Ethical Hacker to better assess the security of your organization. 
Visit us at: 
http://www.infosecinstitute.com/courses/ethical_hacking_training.html
----------------------------------------------------------------------------

Current thread:

locking down snort Jose Guevarra (Jun 25)
- Re: locking down snort Nasir Ghaznavi (Jun 28)
- Re: locking down snort Nelson Santos (Jun 28)
- <Possible follow-ups>
- Locking down Snort Carey Myers (Jun 28)
  - Re: Locking down Snort Nelson Santos (Jun 29)
- RE: locking down snort Andrew Shore (Jun 28)