Snort mailing list archives
reject without being inline
From: Anthony Sheetz <sheetzam () inspire com>
Date: Wed, 14 Jan 2015 15:15:38 -0500
We have a snort sensor on our network being fed packets using a mirror from our switch. We'd like to be able to send RST packets using reject rules without having the sensor inline with our Internet traffic. Is this possible? It seems like it should be possible to route RST packets generated by our snort sensor out through our internet gateway without actually putting snort in the packet stream, perhaps using iptables rules on the sensor to rewrite them properly, or direct them out the correct ethernet port to the gateway, rather than the mirror port. Has anyone done this?