From: Michael Lea
Date: Tue, 13 Feb 2001 15:55:17 -0600
To: "H. Wade Minter"
Cc: Nick Rogness, freebsd-security@FreeBSD.ORG
Subject: Re: Getting more information from ipfw logs

On Tue, 13 Feb 2001, H. Wade Minter wrote:

> Does snort work well with ipfw? Maybe I'm thinking of it wrong, but
> wouldn't I have to let the traffic into the firewall so snort could deal
> with it?

Snort runs in promiscuous mode. That means that, if you're running it on the same box as ipfw, snort will see the packets regardless of whether ipfw passes them through to the rest of the IP stack or not.

- Mike