snort and iptables

Pietro Abate abate at discus.anu.edu.au
Wed Jul 3 21:38:45 EST 2002


Hi everybody.
I'm trying to set up snort, but I'm in trouble.
Since I'm already using iptables to block unwanted traffic (with
really strict rules), when snort starts sniffing on my interface it sees
only the already filtered traffic. This is the 'intrusion detection
system' mode, but I would like to use it as an 'attack detection
system'.

I guess that using tun/tap modules it is possible to do something like
this:

incoming traffic ------> eth0 (iptables) ---> my pc
                   \_____(snort) ---> log file

In other words, as it is possible to attach a stealth machine to a
network and use it as an IDS, I'm sure it is possible to attach snort in front
of iptables and analyze all the traffic before blocking it.

Has anybody any thoughts about that? I read docs around, but I didn't
find any suitable solution.

thx,
p
-- 
pgp key: 1024D/8A091922 2000-10-18 
Pietro Abate <abateNoMoReSpAm at students.cs.unibo.it>
Key fingerprint = 5111 D91B 5E0C 5CE6 FDA3  5EF4 6120 E18E 8A09 1922
public key available via public key server at wwwkeys.eu.pgp.net