IDS mailing list archives
Re: how to build an inline ids?
From: "Gregory Perry" <gvp () cadreng com>
Date: Sat, 16 Nov 2002 18:10:32 -0600
Use FreeBSD or OpenBSD in a layer-2 bridge configuration; basically an x86 machine with two NICs, one "external" and one "internal". Put this box directly after your connection to the 'net, and in front of any machines that you want to protect. Don't assign IP addresses to those two interfaces if you are really paranoid, have snort listen on the external NIC. You can also use this as a transparent firewall, and with a third party add-on such as hogwash you can do more advanced things like active blocking of attacks.

---------------------------------
"Any sufficiently advanced technology is indistinguishable from magic" -- Arthur C. Clarke

The following message was sent by spy guy <spyguy703 () earthlink net> on 15 Nov 2002 15:00:45 -0800.
I have a question and I was hoping someone could help. Is it possible to build an x86-based PC as an in-line IDS? I want to install Snort IDS at home, but have no taps or equipment that can mirror/span ports. Can I build a Linux PC with 2 NICs and put it inline between my firewall and ADSL modem? I would like to have the NICs in some sort of 'Stealth mode', so that no IPs are needed and thus my network config will not change. I just want the NICs to pass traffic in both directions and then run snort to monitor the traffic on both. Is there a way to do this?
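
The reply's advice to leave the two bridged NICs without IP addresses can be audited from `ifconfig` output. The script below is an added example, not part of the original thread; the interface names (`em0`, `em1`, `em2`, `bridge0`), the function names and the sample output are constructed assumptions.

```shell
#!/bin/sh
# Added example: audit that bridge member NICs carry no IP address.
# Input is `ifconfig` output; the sample below is constructed, FreeBSD-style.

# Print "<iface> <family> <address>" for each listed member that has an
# inet or inet6 address (link-local IPv6 counts: it makes the NIC addressable).
addressed_members() {
    awk -v members="$1" '
        BEGIN { n = split(members, m, ","); for (i = 1; i <= n; i++) want[m[i]] = 1 }
        /^[^ \t]/ { iface = $1; sub(/:$/, "", iface); next }
        (iface in want) && $1 ~ /^inet6?$/ { print iface, $1, $2 }
    '
}

# Print the member interfaces of bridge $1 as a comma-separated list.
bridge_members() {
    awk -v br="$1" '
        /^[^ \t]/ { iface = $1; sub(/:$/, "", iface); next }
        iface == br && $1 == "member:" { printf "%s%s", sep, $2; sep = "," }
        END { print "" }
    '
}

# Constructed sample: em0/em1 are the bridged NICs, em2 is a separate
# management NIC that is allowed to have an address.
SAMPLE_IFCONFIG='em0: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> mtu 1500
	ether 00:00:5e:00:53:01
em1: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> mtu 1500
	ether 00:00:5e:00:53:02
	inet6 fe80::200:5eff:fe00:5302%em1 prefixlen 64 scopeid 0x2
em2: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
	inet 192.0.2.10 netmask 0xffffff00 broadcast 192.0.2.255
bridge0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
	member: em1 flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
	member: em0 flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>'

# Any line printed here is a bridged NIC that is not in "stealth mode".
members=$(printf '%s\n' "$SAMPLE_IFCONFIG" | bridge_members bridge0)
printf '%s\n' "$SAMPLE_IFCONFIG" | addressed_members "$members"
```

On a live sensor, pipe the real `ifconfig` output into the two functions instead of the sample; an empty result means neither bridged NIC is addressable.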