
| Subject: | Re: [Snort-users] Network kernels params recommendations for snort_inline with nfqueue |
|---|---|
| Date: | Thu, 10 Jul 2008 09:45:49 +0200 |

Thanks Will ... But I have this rule on my iptables script. My "iptables -vL"

```
Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
    0     0 DROP       all  --  any    any     172.17.35.2          anywhere
   15  1437 DROP       all  --  any    any     silmarillion.hpulabs.org  anywhere
19914   24M IPS-Firewall-INPUT  all  --  any    any     anywhere             anywhere

Chain FORWARD (policy DROP 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
    0     0 DROP       all  --  any    any     172.17.35.2          anywhere
    0     0 DROP       all  --  any    any     silmarillion.hpulabs.org  anywhere

Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
15374 2174K IPS-Firewall-OUTPUT  all  --  any    any     anywhere             anywhere

Chain IPS-Firewall-INPUT (1 references)
 pkts bytes target     prot opt in     out     source               destination
  753  902K ACCEPT     all  --  lo     any     anywhere             anywhere
19034   24M NFQUEUE    all  --  any    any     anywhere             anywhere            state RELATED,ESTABLISHED NFQUEUE num 0
    0     0 NFQUEUE    tcp  --  any    any     anywhere             anywhere            state NEW tcp dpt:ssh NFQUEUE num 0
    0     0 NFQUEUE    tcp  --  any    any     anywhere             anywhere            state NEW tcp dpt:http NFQUEUE num 0
  127  3556 REJECT     all  --  any    any     anywhere             anywhere            reject-with icmp-host-prohibited

Chain IPS-Firewall-OUTPUT (1 references)
 pkts bytes target     prot opt in     out     source               destination
15374 2174K NFQUEUE    all  --  any    any     anywhere             anywhere            NFQUEUE num 0
```

Will Metcalf wrote:

> Victor's recommendations are fine.... Add the following to the top of your iptables script, you shouldn't be sending loopback traffic to snort_inline
>
> iptables -A INPUT -i lo -j ACCEPT
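
An added example, not part of the original thread: a small Python check over `iptables -vL` text that walks a chain the way a loopback packet would and lists the NFQUEUE rules it can reach, which is the condition the quoted advice is about. The listing is the one from the post with wrapped lines rejoined; the function names and the simplified matching model (only the interface columns are evaluated, any other match is treated as "may match") are assumptions of this example.

```python
import re

# Listing from the post (wrapped lines rejoined, header rows and FORWARD omitted).
LISTING = """\
Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
0 0 DROP all -- any any 172.17.35.2 anywhere
19914 24M IPS-Firewall-INPUT all -- any any anywhere anywhere
Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
15374 2174K IPS-Firewall-OUTPUT all -- any any anywhere anywhere
Chain IPS-Firewall-INPUT (1 references)
753 902K ACCEPT all -- lo any anywhere anywhere
19034 24M NFQUEUE all -- any any anywhere anywhere state RELATED,ESTABLISHED NFQUEUE num 0
0 0 NFQUEUE tcp -- any any anywhere anywhere state NEW tcp dpt:ssh NFQUEUE num 0
127 3556 REJECT all -- any any anywhere anywhere reject-with icmp-host-prohibited
Chain IPS-Firewall-OUTPUT (1 references)
15374 2174K NFQUEUE all -- any any anywhere anywhere NFQUEUE num 0
"""

def parse(listing):
    """Map chain name -> ordered rules parsed from `iptables -vL` text."""
    chains, cur = {}, None
    for f in (line.split() for line in listing.splitlines()):
        if f[:1] == ["Chain"]:
            cur = chains.setdefault(f[1], [])
        elif len(f) >= 9 and f[0] != "pkts":
            # Target options are not match conditions, so drop them.
            extra = re.sub(r"NFQUEUE num \d+|reject-with \S+", "", " ".join(f[9:]))
            cur.append({"target": f[2], "in": f[5], "out": f[6], "always":
                        f[3] == "all" and f[7] == f[8] == "anywhere" and not extra.strip()})
    return chains

def lo_queued(chains, chain, iface):
    """Walk `chain` as a loopback packet would (iface is "in" or "out").
    Returns (NFQUEUE rules it can reach, True if a rule ended the walk)."""
    hits = []
    for n, r in enumerate(chains[chain], 1):
        if r[iface] not in ("any", "lo"):
            continue  # rule is bound to another interface
        done = r["always"]
        if r["target"] == "NFQUEUE":
            hits.append(f"{chain} rule {n}")
        elif r["target"] in chains:  # jump to a user-defined chain
            sub, ended = lo_queued(chains, r["target"], iface)
            hits, done = hits + sub, done and ended
        elif r["target"] not in ("ACCEPT", "DROP", "REJECT"):
            done = False  # non-terminating target such as LOG
        if done:
            return hits, True
    return hits, False
```

On this listing the INPUT walk ends at the `lo` ACCEPT rule with no hits, while the OUTPUT walk reports `IPS-Firewall-OUTPUT rule 1`, because packets leaving through `lo` match that chain's `any`/`any` NFQUEUE rule.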