[Q] IDS, Firewalls....

Donovan J. Edye d.edye at bigfoot.com
Sat Jun 8 15:52:20 EST 2002


I have been looking at taking firmer control on my box and have implemented
snort as my IDS. I know it is working if I disable my firewall and do port
scans etc. However as it is sitting behind the firewall it never gets to see
those scans when the firewall is up. I have logging rules in my firewall for
dropped packets etc., but would prefer to have snort do the intrusion
detection for me. Reading the snort FAQs does not seem to support the

Inbound packets --> Transparent IDS (SNORT)  --> FW --> Last Line IDS

To me it would seem natural to have a transparent IDS in front of the FW and
then another behind it to catch anything that managed to get through. Is
this feasible or is there another way of doing this? My config is a standard
ppp0 dial up link with a NAT network behind it. Anyone got some pointers


-- Donovan
E-Mail: d.edye at bigfoot.com Web: www.edye.wattle.id.au/
"If I throw a stick will you go away?"
"Very funny Scotty. Now beam down my pants!"
GXExplorer - Freeware Delphi Windows Explorer Replacement
and Delphi Components www.gxexplorer.org

More information about the linux mailing list