Hi,
I have query about flow of packets from iptables to snort_inline.
Problem discription:
-------------------
Assuming that iptables have filters to allow tcp packets, now since
the incomming packets (tcp) are permitted, iptables will maintain
session information in stateful inspection table.
I want to know if iptable send all incomming packets to snort_inline
or it sends only first few packets.
In case of TCP, does iptables send packets only till 3 way handshake
is done(before entry is made into stateful table), or it sends all
packets for that connection to snort_inline.
Thanks & Regards
Saurabh Agrawal
***************************************************************************
This message is proprietary to Future Software Limited (FSL)
and is intended solely for the use of the individual to whom it
is addressed. It may contain privileged or confidential information
and should not be circulated or used for any purpose other than for
what it is intended.
If you have received this message in error, please notify the
originator immediately. If you are not the intended recipient,
you are notified that you are strictly prohibited from using,
copying, altering, or disclosing the contents of this message.
FSL accepts no responsibility for loss or damage arising from
the use of the information transmitted by this email including
damage from virus.
***************************************************************************
--------------------------------------------------------------------------
Test Your IDS
Is your IDS deployed correctly?
Find out quickly and easily by testing it with real-world attacks from
CORE IMPACT.
Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708
to learn more.
--------------------------------------------------------------------------
