Anyone use Snort in combination with Shorewall?

Thanks.

Bryan

On Mon, 21 Jul 2003, Bryan H wrote:
> Anyone use Snort in combination with Shorewall?

Yes.

Ed

At 7/22/2003 09:22 +0800, Ed.Greshko@greshko.com wrote:
>On Mon, 21 Jul 2003, Bryan H wrote:
>
> > Anyone use Snort in combination with Shorewall?
>
>Yes.

That's mean. <grin>

How?

--
Rodolfo J. Paiz
rpaiz@simpaticus.com

> > > Anyone use Snort in combination with Shorewall?
> >
> >Yes.
>
> That's mean. <grin>
>
> How?
>
> --
> Rodolfo J. Paiz
> rpaiz@simpaticus.com

Yes, any info on the configuration would be greatly helpful. Some info on how they work together would be appreciated also. Thanks.

Bryan H.

On Wed, 2003-07-23 at 14:04, Bryan H wrote:
> Yes, any info on the configuration would be greatly
> helpful. Some info on how they work together would be
> appreciated also. Thanks.

I suppose I'm a bit confused about what the question really is....

Basically, I've shorewall configured in a 2-interface configuration with masquerading. The FW runs all of my services. The folks on the natted network have full internet access.

I installed snort. I'm only monitoring the internet interface and I've pared down the rules to exclude things like IIS webserver attacks since my web server is Apache. If I left all the IIS stuff in there my snort logs would grow too quickly.

So, I seem to be missing something since it sounds as if things should be more difficult than what they appear to be....

Ed