Snort mailing list archives
Re: Basics of setting up an inline snort installation
From: Heine Lysemose <lysemose () gmail com>
Date: Thu, 9 Feb 2012 18:49:22 +0100
You need to set the two interfaces in promiscuous mode. I haven't got a guide right here. But try google Snort inline or look in the Snort manual... /Lysemose On Feb 9, 2012 6:34 PM, "Dave Kelly" <bigdavekelly () googlemail com> wrote:
Thanks, that might make a bit more sense! So the two interfaces that are bridging don't need IP addresses? I haven't seen a guide to setting this up anywhere, do you know of one? Dave. On Thu, Feb 9, 2012 at 4:21 PM, Heine Lysemose <lysemose () gmail com> wrote:Hi, To setup Snort as inline you need 3 network interface and pass yourtrafficthrough a bridge between 2 of the interfaces and a 3. for administration. You can start Snort with -Q to enable inline. /Lysemose On Feb 9, 2012 4:23 PM, "Dave Kelly" <bigdavekelly () googlemail com>wrote:Hello, I'm going to try setting up a new inline configuration, I've only tried passive before but would like Snort to be able to drop packets it says are bad. I'm trying to work out the IP addressing for it. At the moment, I have all my machines in 192.168.1.0/24 with a router at 192.168.1.1 and a mirrored port on the switch sending all traffic to snort. It's pretty similar to the Ubuntu getting started guide in the docs ("Snort 2.9.2.0 on Ubuntu 10.04 LTS"). I think that to move snort to inline I'm going to need to give it a proper IP address and have the traffic pass through it but I can't quite work out how to do that without reconfiguring all the hosts to have new gateway addresses etc. Any hints to get me going would be much appreciated. Dave.------------------------------------------------------------------------------Virtualization & Cloud Management Using Capacity Planning Cloud computing makes use of virtualization - but cloud computing also focuses on allowing computing to be delivered as a service. http://www.accelacomm.com/jaw/sfnl/114/51521223/ _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users Please visit http://blog.snort.org to stay current on all the latestSnortnews!------------------------------------------------------------------------------ Virtualization & Cloud Management Using Capacity Planning Cloud computing makes use of virtualization - but cloud computing also focuses on allowing computing to be delivered as a service. http://www.accelacomm.com/jaw/sfnl/114/51521223/ _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users Please visit http://blog.snort.org to stay current on all the latest Snort news!
------------------------------------------------------------------------------ Virtualization & Cloud Management Using Capacity Planning Cloud computing makes use of virtualization - but cloud computing also focuses on allowing computing to be delivered as a service. http://www.accelacomm.com/jaw/sfnl/114/51521223/
_______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users Please visit http://blog.snort.org to stay current on all the latest Snort news!
Current thread:
- Basics of setting up an inline snort installation Dave Kelly (Feb 09)
- Re: Basics of setting up an inline snort installation Heine Lysemose (Feb 09)
- Re: Basics of setting up an inline snort installation Dave Kelly (Feb 09)
- Re: Basics of setting up an inline snort installation Heine Lysemose (Feb 09)
- Re: Basics of setting up an inline snort installation PS (Feb 09)
- Re: Basics of setting up an inline snort installation Russ Combs (Feb 09)
- Re: Basics of setting up an inline snort installation PS (Feb 09)
- Re: Basics of setting up an inline snort installation PS (Feb 09)
- Re: Basics of setting up an inline snort installation Heine Lysemose (Feb 09)
- Re: Basics of setting up an inline snort installation Dave Kelly (Feb 09)
- Re: Basics of setting up an inline snort installation Dave Kelly (Feb 09)
- Re: Basics of setting up an inline snort installation Heine Lysemose (Feb 09)