Re: Running snort on a firewall - advisable?

To: debian-firewall@lists.debian.org
Subject: Re: Running snort on a firewall - advisable?
From: Frederik Schueler <fs@lowpingbastards.de>
Date: Tue, 2 Apr 2002 19:59:20 +0200
Message-id: <[🔎] 20020402175920.GA20320@lowpingbastards.de>
In-reply-to: <[🔎] Pine.LNX.3.96.1020402103611.32727A-100000@xwing.xwing.org>
References: <[🔎] Pine.LNX.3.96.1020402103611.32727A-100000@xwing.xwing.org>

On Tue, Apr 02, 2002 at 10:40:25AM -0500, Nick Busigin wrote:
> I had a discussion recently with a fellow sysadmin regarding the wisdom
> of running snort on a firewall machine.

If it is a linux 2.4.x firewall, snort (at least 1.7 from testing) will 
not see any of the dropped packets. I experienced this after upgrading 
the kernel of my ADSL router and allowing only related and established 
connections incoming dropping the rest.

See also http://www.snort.org/docs/faq.html#4.3 on this, and 
http://www.snort.org/docs/faq.html#2.3 

regards 
FS

-- 
To UNSUBSCRIBE, email to debian-firewall-request@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org

Reply to:

References:
- Running snort on a firewall - advisable?
  - From: Nick Busigin <nick@xwing.org>

Prev by Date: Re: Running snort on a firewall - advisable?
Next by Date: ADSL in France
Previous by thread: Re: Running snort on a firewall - advisable?
Next by thread: ADSL in France
Index(es):
- Date
- Thread