Security Basics mailing list archives
Re: Passive Snort Setup
From: "Ivan ." <ivanhec () gmail com>
Date: Fri, 20 Feb 2009 14:40:54 +1100
Hogwash may be your answer. If I recall correctly there may be something based on Snort that works inline.

http://hogwash.sourceforge.net/docs/setting.html

Inline Scrubber Mode

In Inline Scrubber Mode, Hogwash actively filters exploits from traffic. It can forge resets, drop the packet, or modify the packet in transit to defeat an attack. Hogwash can manage up to 16 different interfaces at one time. Hogwash is completely transparent, so there is no need to configure your existing network to install hogwash. Simply build the box, plug the existing ethernet cable into the Hogwash box, and plug a crossover cable into the jack that the old ethernet cable went into. There are a number of routing options available, but most people simply use Hogwash as a packet filter.

Typical Network Diagram in Inline Scrubber Mode:

On Fri, Feb 20, 2009 at 11:19 AM, Daniel Hood <dsmhood () gmail com> wrote:
Is it possible to set up a Snort IDS system with a topology like this:

hosts > switch > Snort-IDS > Router

But, have no IP address on either interface of the Snort box and it just forward packets through after checking them for malicious activity? I don't want the Snort box to do NAT or be the default gateway, I just want it to passively be there.

Daniel