IDS mailing list archives

Re: how to build an inline ids?

From: Milos Urbanek <urbanek () zoom-int cz>
Date: Sat, 16 Nov 2002 17:00:38 +0100

On Fri, Nov 15, 2002 at 03:00:45PM -0800, spy guy wrote:

Buy a hub and you're done. More efficient and functional solution
then to buy additional NICs to your Linux box and fiddling with the
bridge in linux..

Milos

I have a question and I was hoping someone could help.

Is it possible to build an x86 based PC as an in-line IDS?

I want to install Snort IDS at home, but have no taps or equipment that
can mirror/span ports.

Can I build a Linux PC with 2 nics and put it inline between my firewall
and adsl modem?

I would like to have the NIC's in some sort of 'Stealth mode', so that
no IP's are needed and thus my network config will not change. I just
want the NIC's to pass traffic in both directions and then run snort to
monitor the traffic on both.

Is there a way to do this?

Current thread:

how to build an inline ids? spy guy (Nov 16)
- Re: how to build an inline ids? Milos Urbanek (Nov 17)
- Re: how to build an inline ids? buzzdee (Nov 17)
- <Possible follow-ups>
- Re: how to build an inline ids? Gregory Perry (Nov 17)