Snort mailing list archives

RE: IDS Load Balancer

From: "Richard Bejtlich" <taosecurity () gmail com>
Date: Mon, 27 Feb 2006 08:50:12 -0500

Angel R wrote:

    I'm going to start a project to implement an end to end IDS solution in a data
center. My problem is that high traffic rate in the data center leads me to use
an load balancer to balance the traffic to multiple Snort servers. I'll be thankful
if you help me to find a proper [including commercial] solution.


Hello,

You can build a simple traffic inspection splitter using commodity
hardware and the Pf firewall.  I explain it in my book Extrusion
Detection (www.extrusiondetection.com).  An excerpt, published on my
blog, demonstrates the idea:

http://taosecurity.blogspot.com/2005/07/distributed-traffic-collection-with-pf.html

Sincerely,

Richard


-------------------------------------------------------
This SF.Net email is sponsored by xPML, a groundbreaking scripting language
that extends applications into web and mobile media. Attend the live webcast
and join the prime developer group breaking into this new coding territory!
http://sel.as-us.falkag.net/sel?cmd=lnk&kid0944&bid$1720&dat1642
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

Current thread:

IDS Load Balancer Angel R (Feb 26)
- Re: IDS Load Balancer barryab63-ia (Feb 27)
  - Re: IDS Load Balancer Jeff Coppock (Feb 28)
- <Possible follow-ups>
- RE: IDS Load Balancer Briggs, Bruce (Feb 26)
  - RE: IDS Load Balancer Angel R (Feb 26)
    - Re: IDS Load Balancer Gulfie (Feb 27)
- RE: IDS Load Balancer Richard Bejtlich (Feb 27)