Snort mailing list archives

RE: snort behind firewall ??

From: "Hawrylkiw, Dan G" <dan.g.hawrylkiw () intel com>
Date: Wed, 2 May 2001 08:28:20 -0700


I'm trying an impromptu experiment.  I have a few servers behind a 3 NIC
ipchains box (one IF to Internet, DMZ, and experimental segment).  I have
snort running on the firewall and have added another snort box to listen on
the Internet side as well.  Therefore, both snort installations will be
listening on the same network segment via a hub. I probably won't get around
to trying several attacks, but I will be able to report if both boxes alert
on the same traffic.  Both boxes are running Snort 1.8 (same cvs ver) and
the same vision ruleset.

/Dan Hawrylkiw   RHCE
Server Specialist
Intel Corp. / Home Products Group
                

 
-----Original Message-----
From: Jason Opperisano [mailto:jopperisano () netcriticalgroup com]
Sent: Tuesday, May 01, 2001 6:40 PM
To: 'Josh Oshiro'
Cc: snort-users
Subject: RE: [Snort-users] snort behind firewall ??


 
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

OpenBSD 2.7 i386
IP Filter: v3.3.16
Snort Version 1.7

Default deny everything on xl1 (external NIC)

Running snort on xl1

Snort sees everything--I can actually see attacks reported by snort
in the alert file and then go find where IPF dropped the packet in
its log file.

Jason

- -----Original Message-----
From: Josh Oshiro [mailto:josh () silicondefense com]
Sent: Monday, April 30, 2001 2:13 PM
To: ./
Cc: Robert D. Hughes; snort-users
Subject: Re: [Snort-users] snort behind firewall ??

It is up in the air right now wether or not snort can see packets
before
the firewall drop them. It seems  it is system dependant. I would
like
to take a poll of who can snort through there firewall and who can't.
We'll need to know what kernal you are using, how it's configured,
what
firewall your using, how it's configures, and what os your using.

- -- 
josh () silicondefense com
Snort Support
Silicon Defense

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
http://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users



_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
http://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

Current thread:

Re: snort behind firewall ?? ./ (Apr 29)
- <Possible follow-ups>
- Re: snort behind firewall ?? ./ (Apr 29)
  - Re: snort behind firewall ?? Dan Hollis (Apr 29)
  - Re: snort behind firewall ?? Josh Oshiro (Apr 30)
    - RE: snort behind firewall ?? Jason Lewis (Apr 30)
    - Re: snort behind firewall ?? Andre Goeree (May 01)
    - Re: snort behind firewall ?? Security (May 01)
    - RE: snort behind firewall ?? Martijn Heemels (May 01)
- RE: snort behind firewall ?? Jason Opperisano (May 01)
- RE: snort behind firewall ?? Hawrylkiw, Dan G (May 02)
  - Sound Alerting Preprocessor Andrea Barisani (May 02)