Date: Tue, 13 Feb 2001 13:10:42 -0600 (CST)
From: Nick Rogness <nick@rogness.net>
To: "H. Wade Minter" <minter@lunenburg.org>
Cc: freebsd-security@FreeBSD.ORG
Subject: Re: Getting more information from ipfw logs
Message-ID: <Pine.BSF.4.21.0102131303490.92630-100000@cody.jharris.com>
In-Reply-To: <Pine.BSF.4.32.0102131238170.70172-100000@ashburn.skiltech.com>

On Tue, 13 Feb 2001, H. Wade Minter wrote:

> Does snort work well with ipfw? Maybe I'm thinking of it wrong, but
> wouldn't I have to let the traffic into the firewall so snort could deal
> with it?

Yes and no, only let valid ports through for programs you are running, then let snort look at the valid packets for further inspection. See what I mean? Why waste time looking at traffic for invalid ports?

Run the firewall in front of snort, so the firewall removes useless crap, then let snort look at valid traffic, ex port 80 webserver stuff, and decide if it is a valid GET / or invalid exploit attempt. This way you get the best of both worlds.

Nick Rogness <nick@rogness.net>
- Keep on routing in a Free World...
  "FreeBSD: The Power to Serve!"