Date: Sun May 27 2001 - 14:41:09 CDT
Have you tested by attempting to run scans/exploits against your own box
from an external source? If so, did Snort record the activity?
"w1re p4ir" <w1rep4irdisinfo.net>
Subject: Snort and IPChains
I'll keep this short and sweet, folks. I've noticed my machine at work
running snort without ipchains gets, well, lots of attacks, which I expect.
But what I don't understand is why my machine at home. Oh yeah, both RedHat
7.0 (secured). Well, anyways, my machine at home is running IPCHAINS and
snort. The snort rules are exactly the same. Yet I get no attacks on a
cable modem. Something is wrong here, very very wrong. I'm on cable, I
should be seeing 40x more attacks. So my question: Does the kernel
intercept the packets first and discard them? Or is snort broken and being
a pain? I got into a conversation with a co-worker and they said the
ethernet card's in promisc mode and should intercept *. But yet, it is not?