From: C.G.Senthilkumar. <che...@cs...> - 2005-05-17 03:09:24

This is my understanding.. 'cos snort-inline matches rules against contents of packets, all packets need to be passed to snort-inline. If a decision can be made to drop a connection based on the 3-way handshake packets, iptables can do that and there is no need for snort-inline.

Thanks
Senthil.

On Mon, 16 May 2005, Schott, Erik J Mr ANOSC/FCBS wrote:

> Forwarded.
>
> -----Original Message-----
> From: saurabha [mailto:sau...@fu...]
> Sent: Saturday, May 14, 2005 6:00 AM
> To: foc...@se...
> Subject: flow of packet from iptable to snort_inline
>
>
> Hi,
>
> I have a query about the flow of packets from iptables to snort_inline.
>
> Problem description:
> -------------------
> Assuming that iptables has filters to allow tcp packets, now since
> the incoming packets (tcp) are permitted, iptables will maintain
> session information in the stateful inspection table.
>
> I want to know if iptables sends all incoming packets to snort_inline
> or it sends only the first few packets.
>
> In case of TCP, does iptables send packets only till the 3 way handshake
> is done (before the entry is made into the stateful table), or it sends all
> packets for that connection to snort_inline.
>
> Thanks & Regards
> Saurabh Agrawal
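
Added example, not part of the thread: a simplified Python model of first-match rule evaluation showing which packets of one TCP connection reach snort_inline under two rule sets. It assumes the hand-off is an iptables rule with the QUEUE target; the rule sets, the helper names and the sample connection are constructed for illustration.

```python
# Simplified model of netfilter first-match rule evaluation (illustrative, not kernel code).
from collections import namedtuple

Packet = namedtuple("Packet", "proto flags direction")
Rule = namedtuple("Rule", "proto states target")  # states=None: rule has no "-m state" match

# Constructed sample: one short TCP connection.
CONNECTION = [
    Packet("tcp", "SYN", "orig"),
    Packet("tcp", "SYN,ACK", "reply"),
    Packet("tcp", "ACK", "orig"),
    Packet("tcp", "PSH,ACK", "orig"),    # application data
    Packet("tcp", "PSH,ACK", "reply"),   # application data
    Packet("tcp", "FIN,ACK", "orig"),
]

def conntrack_states(packets):
    """Yield (packet, state): NEW until reply traffic is seen, ESTABLISHED afterwards."""
    seen_reply = False
    for pkt in packets:
        if pkt.direction == "reply":
            seen_reply = True
        yield pkt, ("ESTABLISHED" if seen_reply else "NEW")

def queued_packets(rules, packets):
    """Return the packets a rule set hands to the QUEUE target (i.e. to snort_inline)."""
    queued = []
    for pkt, state in conntrack_states(packets):
        for rule in rules:  # every packet traverses the chain; the first matching rule wins
            if rule.proto == pkt.proto and (rule.states is None or state in rule.states):
                if rule.target == "QUEUE":
                    queued.append(pkt)
                break
    return queued

# Models: iptables -A FORWARD -p tcp -j QUEUE
QUEUE_ALL = [Rule("tcp", None, "QUEUE")]
# Models: "-m state --state ESTABLISHED -j ACCEPT" placed before "--state NEW -j QUEUE"
QUEUE_NEW_ONLY = [Rule("tcp", {"ESTABLISHED"}, "ACCEPT"), Rule("tcp", {"NEW"}, "QUEUE")]

if __name__ == "__main__":
    for name, rules in (("QUEUE_ALL", QUEUE_ALL), ("QUEUE_NEW_ONLY", QUEUE_NEW_ONLY)):
        print(name, [p.flags for p in queued_packets(rules, CONNECTION)])
```

In this model the state table does not bypass the chain: each packet is still evaluated, and only a rule that accepts ESTABLISHED traffic ahead of the QUEUE rule keeps later packets away from snort_inline, which then cannot match payload content on them.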