Snort mailing list archives
Re: snort sensor on virtual machine...[?]
From: Paul Marin <pmarinh45 () gmail com>
Date: Wed, 11 Apr 2012 12:03:56 -0430
Hi,

I am not completely sure, but I believe you cannot set up a virtual NIC for capturing packets from a SPAN/mirror port since you don't have direct physical access to the port. This is something I tried to accomplish in VMware ESXi and I couldn't. I don't know if other virtualization software can do that. (Someone please correct me if I'm wrong.) So, this is something to take into account when running Snort in a VM.

On the other hand, Snort tends to consume a lot of CPU resources. So, maybe it's better to dedicate a whole server to Snort instead of sharing it with other apps.

However, if you are planning to run add-on tools like sguil or snortsam, the sguil-server and the snortsam-agent components can surely be run in virtual environments.

Kindly,
Paul

On 11/04/2012 10:52 a.m., Corbin Fletcher wrote:
Greetings Snort community,

I am a member of a small team who operates a data center. Our company provides VoIP services for corporations. We utilize primarily open source applications. We run Debian and CentOS, FreeSwitch, OpenSIP, MySQL, Elastix, FreePBX, Proxmox, etc. We receive a good number of SIP brute force attacks, and other security breaches on our network. And this is the reason for my email.

As a team we have agreed to implement a Snort sensor as a NIDS. We are currently not running any IDS and we rely on analyzing logs to be alerted to our network attacks. I would like to install a Snort sensor at the edge of our network on its own dedicated machine and have it sniff all network traffic. Another team member wants to run Snort on a Proxmox cluster in a virtual environment.

Can anyone advise about the pros and cons for each approach? Or, could someone please advise on best practices for implementing a Snort sensor on our network?

Thanks in advance.
~Corbin

------------------------------------------------------------------------------
Better than sec? Nothing is better than sec when it comes to monitoring Big Data applications. Try Boundary one-second resolution app monitoring today. Free.
http://p.sf.net/sfu/Boundary-dev2dev
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Please visit http://blog.snort.org to stay current on all the latest Snort news!