Snort mailing list archives
Re: Alerts with the incorrect Source IP (proxy server)
From: beenph <beenph () gmail com>
Date: Thu, 25 Oct 2012 07:04:39 -0400
On Thu, Oct 25, 2012 at 6:57 AM, Heine Lysemose <lysemose () gmail com> wrote:
Hi, I have had some of the same issues and still have. Another solution was to use a transparent proxy. I'm not able to do this on our TMG server, which in a setup as a transparent proxy also should be the default gateway, which is not the case in our network setup. Could another solution be, since barnyard is not altering the packets, to have an option in the GUI (Snorby, Sguil, Squert) frontends to select whether or not to switch the "Orig IP" with the "XFF IP"? This will of course only work if Barnyard2 will start populating the XFF/EXTRA DATA into the database. Maybe this will be part of the new database schema?
Yeppers, the new schema will natively support IPV6, EXTRA_DATA thus will correctly log them without an issue.
-elz