Snort mailing list archives
Re: Snort forwarding/redirecting traffic based on alert
From: Abdulellah Alsaheel <cs_saheel () hotmail com>
Date: Thu, 4 Oct 2012 14:11:06 +0300
Hello,

Check this. I developed it a while ago and it does the same as you ask about: it directs the traffic to a honeypot machine, for rules which have alert as action but with a certain level of priority number, which is changeable by the user.

Please check it here, and feel free to add anything to this work, because unfortunately I have stopped developing it.

https://github.com/cssaheel/snort-redirector

Thanks,

"Mr. Qoheleth" <qoheleth26 () gmail com> wrote:

> Hello all,
>
> I am relatively new to Snort and wanted to do some development using Snort. My goal is to put Snort in-line with the network as an IPS. I would like to forward (or re-direct) traffic matching pre-set rules to a certain computer or IP (say honeypot address or something like that), and then traffic that does not meet any of my alert rules, I would like to direct to a different system (say another system handling my external routing out of the network).
>
> Do you know of a way to accomplish this? i.e. Is there a way, using Snort, to inspect network traffic and re-direct traffic based on various alert/rules/signatures?
>
> Thank you sooo much for your expertise!
_______________________________________________ Snort-devel mailing list Snort-devel () lists sourceforge net https://lists.sourceforge.net/lists/listinfo/snort-devel Please visit http://blog.snort.org for the latest news about Snort!
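An added example, not part of the original message and not code from snort-redirector: a Python illustration of the idea discussed in this thread, selecting alert sources by a user-set priority threshold and rendering NAT rules that would divert them to a honeypot. It assumes Snort's fast-alert log format and iptables DNAT as the redirection mechanism; the function names, sample alerts and addresses are constructed for illustration.

```python
import ipaddress
import re

# Tail of a Snort fast-alert line: [Priority: N] {PROTO} src[:port] -> dst[:port]
ALERT_RE = re.compile(
    r"\[Priority:\s*(?P<prio>\d+)\]\s*\{(?P<proto>\w+)\}\s*"
    r"(?P<src>\d{1,3}(?:\.\d{1,3}){3})(?::\d+)?\s*->\s*"
    r"(?P<dst>\d{1,3}(?:\.\d{1,3}){3})(?::\d+)?"
)

def sources_to_redirect(lines, max_priority, never_redirect=()):
    """Return sorted source IPs with alert priority <= max_priority (1 = most severe)."""
    protected = [ipaddress.ip_network(n) for n in never_redirect]
    selected = set()
    for line in lines:
        m = ALERT_RE.search(line)
        if not m or int(m.group("prio")) > max_priority:
            continue  # unparsable line, or alert less severe than the threshold
        try:
            src = ipaddress.ip_address(m.group("src"))
        except ValueError:
            continue  # e.g. 999.1.1.1 matches the regex but is not an address
        if any(src in net for net in protected):
            continue  # never divert our own hosts on a spoofed or noisy alert
        selected.add(src)
    return [str(ip) for ip in sorted(selected)]

def dnat_rules(sources, honeypot):
    """Render iptables NAT rules as text for review; nothing is executed."""
    ipaddress.ip_address(honeypot)  # raises ValueError on a malformed target
    return [
        f"iptables -t nat -A PREROUTING -s {src} -j DNAT --to-destination {honeypot}"
        for src in sources
    ]

# Constructed sample alerts (documentation address ranges, made-up SIDs).
SAMPLE = [
    "10/04-14:11:06.100000  [**] [1:1000001:1] Constructed web attack [**] [Classification: Web Application Attack] [Priority: 1] {TCP} 198.51.100.23:51544 -> 192.0.2.10:80",
    "10/04-14:11:07.200000  [**] [1:1000002:1] Constructed ping sweep [**] [Classification: Misc activity] [Priority: 3] {ICMP} 203.0.113.7 -> 192.0.2.10",
    "10/04-14:11:08.300000  [**] [1:1000003:1] Constructed scan [**] [Classification: Attempted Information Leak] [Priority: 2] {TCP} 198.51.100.23:51550 -> 192.0.2.10:22",
    "10/04-14:11:09.400000  [**] [1:1000001:1] Constructed web attack [**] [Classification: Web Application Attack] [Priority: 1] {TCP} 192.0.2.50:40000 -> 192.0.2.10:80",
    "10/04-14:11:10.500000  [**] [1:1000003:1] Constructed scan [**] [Classification: Attempted Information Leak] [Priority: 2] {TCP} 203.0.113.99:33333 -> 192.0.2.10:22",
]

if __name__ == "__main__":
    for rule in dnat_rules(sources_to_redirect(SAMPLE, 2, ["192.0.2.0/24"]), "192.0.2.200"):
        print(rule)
```

The `never_redirect` list matters because alert source addresses can be spoofed; without it, a forged alert could cause legitimate internal traffic to be diverted.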
Current thread:
- Snort forwarding/redirecting traffic based on alert Mr. Qoheleth (Oct 04)
- Fwd: Snort forwarding/redirecting traffic based on alert Mr. Qoheleth (Oct 04)
- Re: Fwd: Snort forwarding/redirecting traffic based on alert AllowOverride (Oct 04)
- Re: Snort forwarding/redirecting traffic based on alert Joel Esler (Oct 04)
- <Possible follow-ups>
- Re: Snort forwarding/redirecting traffic based on alert Abdulellah Alsaheel (Oct 08)
- Fwd: Snort forwarding/redirecting traffic based on alert Mr. Qoheleth (Oct 04)