Where does the IDS sniff the packets?

Started by thomas-hn, October 07, 2020, 05:59:33 PM

Hello,

How does the IDS (Services => Intrusion Detection) receive the incoming packets?

Is it getting the packets before the Firewall? I'm asking, because my IDS is currently listening to LAN & WAN and on the WAN side I see a lot of traffic to ports which are closed in the Firewall.

Can someone please confirm that the IDS sniffs before the Firewall?

Thanks,

Thomas

Yes, it does. The firewall is in the kernel, the IDS is a bit nearer the NIC, so you can't drop first via pf.

Quote from: mimugmail on October 08, 2020, 06:12:35 AM
Yes, it does. The firewall is in the kernel, the IDS is a bit nearer the NIC, so you can't drop first via pf.

Not sure this is the reason; NIC drivers are part of the kernel, even if a dynamically loaded module, and also run in system mode in order to access the hardware.
https://www.signorini.ch
Protectli Pfsense Mi7500L6 Intel 7Th Gen Core I7 7500U 16Gb Ddr4 Ram
512Gb Msata Ssd
6 X Intel Gigabit Ethernet

Yes, but pf comes after IPS (incoming direction), that's a fact :)
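
Because the IDS sees inbound WAN packets before pf filters them, WAN alerts include traffic that pf drops right afterwards. The following is an added example, not code from any poster in this thread: it triages Suricata EVE JSON alerts (Suricata is the engine behind OPNsense's Intrusion Detection service) by whether pf would pass the destination. The interface name, WAN address and open-port set are assumptions, and the sample log lines are constructed.

```python
import json

# Constructed sample EVE JSON lines (not taken from the thread).
SAMPLE_EVE = "\n".join([
    '{"event_type":"alert","in_iface":"igb0","dest_ip":"198.51.100.2","dest_port":23,"proto":"TCP","alert":{"signature":"constructed telnet probe"}}',
    '{"event_type":"alert","in_iface":"igb0","dest_ip":"198.51.100.2","dest_port":443,"proto":"TCP","alert":{"signature":"constructed web exploit"}}',
    '{"event_type":"flow","in_iface":"igb0","dest_ip":"198.51.100.2","dest_port":23,"proto":"TCP"}',
    '{"event_type":"alert","in_iface":"igb1","dest_ip":"192.0.2.10","dest_port":445,"proto":"TCP","alert":{"signature":"constructed smb alert"}}',
    '{"event_type":"alert","in_iface":"igb0","dest_ip":"198.51.1',  # truncated line
])

# Assumptions: igb0 is WAN, 198.51.100.2 is its address, and pf passes
# only these (proto, port) pairs inbound on WAN.
WAN_IFACE = "igb0"
WAN_ADDR = "198.51.100.2"
WAN_OPEN = {("TCP", 443), ("UDP", 51820)}

def triage(eve_text, iface=WAN_IFACE, addr=WAN_ADDR, open_ports=WAN_OPEN):
    """Bucket alert signatures by what pf does with the packet afterwards."""
    buckets = {"passed_by_pf": [], "dropped_by_pf": [], "not_wan_inbound": []}
    for line in eve_text.splitlines():
        try:
            ev = json.loads(line)
        except json.JSONDecodeError:
            continue  # partial line, e.g. read while the log is being written
        if not isinstance(ev, dict) or ev.get("event_type") != "alert":
            continue  # flow, dns, stats and other record types are not alerts
        sig = ev.get("alert", {}).get("signature", "?")
        if ev.get("in_iface") != iface or ev.get("dest_ip") != addr:
            buckets["not_wan_inbound"].append(sig)   # LAN side or outbound
        elif (ev.get("proto"), ev.get("dest_port")) in open_ports:
            buckets["passed_by_pf"].append(sig)      # reaches a service
        else:
            buckets["dropped_by_pf"].append(sig)     # seen by IDS, then blocked
    return buckets

if __name__ == "__main__":
    for name, sigs in triage(SAMPLE_EVE).items():
        print(f"{name}: {sigs}")
```

Alerts in `dropped_by_pf` are the background scanning the original question describes; those in `passed_by_pf` are the ones that reached an exposed service.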