Snort mailing list archives

Re: Fwd: Snort forwarding/redirecting traffic based on alert

From: AllowOverride <allowoverride () gmail com>
Date: Thu, 04 Oct 2012 09:09:49 -0700

i like this idea, this makes sense, i will watch this thread...

On Thu, 2012-10-04 at 00:36 -0400, Mr. Qoheleth wrote:

Hello all, 


I am relatively new to Snort and wanted to do some development using
Snort.  My goal is to put Snort in-line with the network as an IPS.  I
would like to forward (or re-direct) traffic matching pre-set rules to
a certain computer or IP (say honeypot address or something like that)
and then traffic that does not meet any of my alert rules, I would
like to direct it to a different system (say another system handling
my external routing out of the network.)  Do you know of a way to
accomplish this?


i.e. Is there a way, using Snort to inspect network traffic and
re-direct traffic based on various alert/rules/signatures?


Thank you sooo much for your expertise!  





------------------------------------------------------------------------------
Don't let slow site performance ruin your business. Deploy New Relic APM
Deploy New Relic app performance management and know exactly
what is happening inside your Ruby, Python, PHP, Java, and .NET app
Try New Relic at no cost today and get our sweet Data Nerd shirt too!
http://p.sf.net/sfu/newrelic-dev2dev
_______________________________________________ Snort-sigs mailing list Snort-sigs () lists sourceforge net 
https://lists.sourceforge.net/lists/listinfo/snort-sigs http://www.snort.org Please visit http://blog.snort.org for 
the latest news about Snort!



------------------------------------------------------------------------------
Don't let slow site performance ruin your business. Deploy New Relic APM
Deploy New Relic app performance management and know exactly
what is happening inside your Ruby, Python, PHP, Java, and .NET app
Try New Relic at no cost today and get our sweet Data Nerd shirt too!
http://p.sf.net/sfu/newrelic-dev2dev
_______________________________________________
Snort-sigs mailing list
Snort-sigs () lists sourceforge net
https://lists.sourceforge.net/lists/listinfo/snort-sigs
http://www.snort.org


Please visit http://blog.snort.org for the latest news about Snort!

Current thread:

Snort forwarding/redirecting traffic based on alert Mr. Qoheleth (Oct 04)
- Fwd: Snort forwarding/redirecting traffic based on alert Mr. Qoheleth (Oct 04)
  - Re: Fwd: Snort forwarding/redirecting traffic based on alert AllowOverride (Oct 04)
- Re: Snort forwarding/redirecting traffic based on alert Joel Esler (Oct 04)
- <Possible follow-ups>
- Re: Snort forwarding/redirecting traffic based on alert Abdulellah Alsaheel (Oct 08)