Security Basics mailing list archives
Re: Passive Snort Setup
From: Javier Reyna <jreyna () onlinet com mx>
Date: Thu, 19 Feb 2009 21:48:24 -0600
Sure you can. You can check the snort_inline project, although Snort up to 2.4 (I think so) has part of the snort_inline code, so using the -Q switch you can set Snort up as an IPS.

You first need to set up a bridge on those interfaces; iptables must send the traffic to Snort, then Snort with the -Q switch, or snort_inline, will receive the traffic and work as always. Now you can use "drop" as a new action in your rules.

This scenario works in FreeBSD too, using ipfilter; things change a little, of course.

On Fri, Feb 20, 2009 at 11:19:08AM +1100, Daniel Hood wrote:
> Is it possible to set up a Snort IDS system with a topology like this:
>
> hosts > switch > Snort-IDS > Router
>
> But have no IP address on either interface of the Snort box, and it just
> forwards packets through after checking them for malicious activity?
>
> I don't want the Snort box to do NAT or be the default gateway, I just
> want it to passively be there.
>
> Daniel
--
Regards!
________________
Javier Reyna
CCSE WCSE ISS-CS NSP JNCIA-FWV
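
The steps in the reply above (bridge, iptables hand-off, Snort with -Q, a "drop" rule), written out as an added example that is not part of the original message. It only prints the commands. The names br0, eth0, eth1 and the snort.conf path are assumptions, as are a Linux kernel of that era with bridge-utils, bridge netfilter and ip_queue, and a Snort 2.x build with inline support.

```shell
#!/bin/sh
# Added example (not from the thread). Prints, and does not run, the commands
# for an IP-less inline bridge. Interface, bridge and path names are assumed.

plan_inline_bridge() {
    if [ $# -ne 4 ]; then
        echo "usage: plan_inline_bridge BRIDGE HOST_IF ROUTER_IF SNORT_CONF" >&2
        return 2
    fi
    br=$1 host_if=$2 router_if=$3 conf=$4
    if [ "$host_if" = "$router_if" ]; then
        echo "the two bridge ports must be different interfaces" >&2
        return 2
    fi
    cat <<EOF
# 1. Bridge the two ports; no interface gets an IP address.
brctl addbr $br
brctl addif $br $host_if
brctl addif $br $router_if
ifconfig $host_if 0.0.0.0 up
ifconfig $router_if 0.0.0.0 up
ifconfig $br 0.0.0.0 up
# 2. Let bridged frames traverse iptables, then queue them to userspace.
sysctl -w net.bridge.bridge-nf-call-iptables=1
modprobe ip_queue
iptables -A FORWARD -j QUEUE
# 3. Snort reads the queue; "drop" rules in $conf now discard packets.
snort -Q -D -c $conf
EOF
}

# A constructed rule using the "drop" action (sid taken from the local range).
sample_drop_rule() {
    echo 'drop tcp any any -> any 23 (msg:"LOCAL telnet blocked inline"; sid:1000001; rev:1;)'
}

# Print the plan only when arguments are given, e.g.:
#   sh inline-bridge.sh br0 eth0 eth1 /etc/snort/snort.conf
if [ $# -eq 4 ]; then
    plan_inline_bridge "$@"
    echo "# example rule for local.rules:"
    sample_drop_rule
fi
```

Once the QUEUE rule is in place, packets are dropped whenever no process is reading the queue, so a stopped Snort takes the link down rather than letting traffic through unchecked.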