IDS mailing list archives

Re: how to build an inline ids?

From: buzzdee <reitenba () fh-brandenburg de>
Date: Mon, 18 Nov 2002 07:04:40 +0100

Am Samstag 16 November 2002 00:00 schrieb spy guy:

I have a question and I was hoping someone could help.

Is it possible to build an x86 based PC as an in-line IDS?

I want to install Snort IDS at home, but have no taps or equipment that
can mirror/span ports.

Can I build a Linux PC with 2 nics and put it inline between my firewall
and adsl modem?

I would like to have the NIC's in some sort of 'Stealth mode', so that
no IP's are needed and thus my network config will not change. I just
want the NIC's to pass traffic in both directions and then run snort to
monitor the traffic on both.

Is there a way to do this?

yes, configure this box as a bridge (your 2 NIC's in stealth mode) without 
any IP attached to this interfaces, so that any traffic has to go through 
that box and you can inspect it with snort. possibliy you want to 
administrate the box remotely then plug a third NIC into the box with a IP 
assigned to it.

hth

Current thread:

how to build an inline ids? spy guy (Nov 16)
- Re: how to build an inline ids? Milos Urbanek (Nov 17)
- Re: how to build an inline ids? buzzdee (Nov 17)
- <Possible follow-ups>
- Re: how to build an inline ids? Gregory Perry (Nov 17)