Results 1 to 2 of 2

Thread: What does it mean when "Snort" runs on a port??

  1. #1
    Junior Member
    Join Date
    Aug 2004

    What does it mean when "Snort" runs on a port??

    How can IDS run on a port? Does it server as intermediary between the attacker (connection) and a process? If it runs on some random port "as a process" how can it then "see" all the other connections made to other ports?
    \"Cyberspace. A consensual hallucination experienced daily by billions of legitimate operators, in every nation, by children being taught mathematical concepts... A graphic representation of data abstracted from banks of every computer in the human system. Unthinkable complexity. Lines of light ranged in the nonspace of the mind, clusters and constellations of data. Like city lights, receding...\"

  2. #2
    Senior Member
    Join Date
    Feb 2003
    Memphis, TN
    A IDS system doesn't really run on just a port, it runs on a whole server, usually in front of all your computers before the switch or router.

    So it would look like this

    WAN Connection --> Snort --> Router/Server ---> Switch

    or somethign similiar to that.

    Snort or any other IDS listens on all ports and monitors all traffic for the rules you specify it to watch for.

    So in other words all the traffic must pass through one box which has the IDS system on it in, before the internet traffic is branched off to the other computers, in order for the IDS to be used effectively.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts