Snort mailing list archives

RE: Snort on reverse proxy

From: "e-mail lists" <lists () darrenmackay com>
Date: Fri, 8 Feb 2002 07:13:46 +1000

Hi.

| > Can someone advise of the suitability of running snort on the
| > reverse proxy to filter requests? 
|  
| Snort doesn't filter. Check out http://hogwash.sourceforge.net
for
| snort-based filtering.

If I interpret this correctly, a request that matches a defined
signature will still be processed by the web server prior to the
connection being reset (I assume snort will RST connections upon
a match). Given time, an attacker may still be able to compromise
the system (say overnight, when notifications are unlikely to be
acted upon until the start of business the next morning)??

Do you know if hogwash will filter connections correctly if the
services it is filtering for run on the same system?

Thanks,

Darren

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

Current thread:

Snort on reverse proxy e-mail lists (Feb 07)
- Re: Snort on reverse proxy Chris Green (Feb 07)
- <Possible follow-ups>
- RE: Snort on reverse proxy e-mail lists (Feb 07)