IDS mailing list archives
Re: Bridge IDS
From: Nick Black <dank () qemfd net>
Date: Thu, 5 Aug 2004 13:34:11 -0400
Lee Sheng assumed the extended riemann hypothesis and showed:
> Perhaps this is a silly question, however I wanna know that if bridge firewall can be done, how about building a bridge IDS. I know there is snort-inline (consider IPS) that we can use but what I mean is just snort without patching. Using three network interfaces, two for building a bridge and one for console. Can it be done? Tap is far too expensive for
Our product functions as either a bridge or an end-node. In bridging capability, one can choose to do per-packet filtering (IPS mode) or not (IDS mode). The advantages of retaining IDS bridging capability are twofold: a) initial configuration/demoing/evaluation can be done without worries that overzealous IPS settings will filter on false positives, and b) it guarantees that all traffic has been analyzed; if the IDS is overloaded, the packet doesn't get through the bridge.

In order to ensure our configuration/reporting is never filtered, we use a third interface as the 'management interface', as you describe. So, I'm not sure whether snort-inline has this mode, but I know it can be done :).

--
nick black
"np: the class of dashed hopes and idle dreams."
free hearts, free foreheads -- you and i are old; old age hath yet his honour and his toil; death closes all: but something ere the end, some work of noble note, may yet be done, not unbecoming men that strove with gods. (tennyson)
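The bridging behaviour described in the reply above, modelled as an added example that is not part of the original post and is not the product's code: an inline bridge that forwards only analyzed packets, filters on alerts only in IPS mode, and drops at ingress when the analyzer is full. The class name, queue size, signature string and packets are all constructed for illustration.

```python
from collections import deque
from dataclasses import dataclass, field

@dataclass
class InlineBridge:
    mode: str                          # "ids": analyze and forward; "ips": analyze and filter
    queue_limit: int                   # packets the analyzer can hold (constructed capacity)
    signatures: tuple = (b"BADSIG",)   # constructed placeholder pattern, not a real rule
    pending: deque = field(default_factory=deque)
    forwarded: list = field(default_factory=list)
    alerts: list = field(default_factory=list)
    dropped_overload: int = 0
    dropped_filtered: int = 0

    def receive(self, pkt: bytes) -> bool:
        """Packet arrives on one bridge port; False means it was dropped at ingress."""
        if len(self.pending) >= self.queue_limit:
            # Fail closed: traffic the analyzer cannot take never crosses the bridge.
            self.dropped_overload += 1
            return False
        self.pending.append(pkt)
        return True

    def analyze(self, budget: int) -> None:
        """Inspect up to `budget` queued packets, then hand them to the other port."""
        for _ in range(min(budget, len(self.pending))):
            pkt = self.pending.popleft()
            hit = any(sig in pkt for sig in self.signatures)
            if hit:
                self.alerts.append(pkt)
            if hit and self.mode == "ips":
                self.dropped_filtered += 1   # per-packet filtering happens only in IPS mode
                continue
            self.forwarded.append(pkt)       # IDS mode forwards even when it alerts

def run(mode: str) -> InlineBridge:
    """Push a constructed five-packet burst through a bridge that can queue three."""
    bridge = InlineBridge(mode=mode, queue_limit=3)
    burst = [b"GET /", b"xx BADSIG xx", b"ping", b"late-1", b"late-2"]
    for pkt in burst:
        bridge.receive(pkt)
    bridge.analyze(budget=10)
    return bridge

if __name__ == "__main__":
    for mode in ("ids", "ips"):
        b = run(mode)
        print(mode, len(b.forwarded), len(b.alerts), b.dropped_filtered, b.dropped_overload)
```

In both modes the two packets that arrive while the queue is full are lost rather than forwarded unanalyzed, which is the trade-off point (b) in the reply accepts in exchange for complete coverage.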