IDS mailing list archives
Re: IDS using Taps & network bridging
From: Bennett Todd <bet () rahul net>
Date: Wed, 27 Nov 2002 09:38:11 -0500
Rather than bridging the eth interfaces, try bonding them; the
invocation looks something like

    grep bond0 /etc/modules.conf >/dev/null || \
        echo alias bond0 bonding >>/etc/modules.conf
    /sbin/ifconfig bond0 promisc up
    /sbin/ifconfig eth1 up
    /sbin/ifenslave bond0 eth1
    /sbin/ifconfig eth2 up
    /sbin/ifenslave bond0 eth2
    snort -i bond0 ...

The bonding interface is described in the kernel Documentation
directory, in networking/bonding.txt. When you are doing unnumbered
interfaces as above for sniffing, ifenslave(1) whinges a lot, since
it wants to propagate addresses back and forth, to support H-A
setups and etherchannel and the like. But just ignore the
complaints; it seems to work fine.
-Bennett
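
Added example, not part of the message above or of any project's code: a check that both tap legs really are enslaved to bond0 and report link, read from the bonding driver's status file /proc/net/bonding/bond0. The script name check_bond.sh, the function names and the sample status text are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): confirm both tap legs are
# enslaved to the bond and report link, using the bonding driver's status file.

# Constructed sample of /proc/net/bonding/bond0 (values are made up);
# eth2 is shown with its link down to exercise the failure path.
sample_bond_status() {
    cat <<'EOF'
Bonding Mode: load balancing (round-robin)
MII Status: up

Slave Interface: eth1
MII Status: up

Slave Interface: eth2
MII Status: down
EOF
}

# bond_leg_status FILE IFACE -> prints up, down, or missing
bond_leg_status() {
    awk -v want="$2" '
        /^Slave Interface:/ { cur = $3; next }
        cur == want && /^MII Status:/ { print $3; found = 1; exit }
        END { if (!found) print "missing" }
    ' "$1"
}

# check_tap_bond FILE IFACE... -> one line per leg; non-zero if any leg is not up
check_tap_bond() {
    file=$1; shift
    rc=0
    for leg in "$@"; do
        st=$(bond_leg_status "$file" "$leg")
        echo "$leg: $st"
        [ "$st" = up ] || rc=1
    done
    return "$rc"
}

# On a sensor: sh check_bond.sh /proc/net/bonding/bond0 eth1 eth2
# With no arguments, run against the constructed sample instead.
if [ "$#" -ge 2 ]; then
    check_tap_bond "$@"
else
    tmp=$(mktemp) && sample_bond_status >"$tmp"
    check_tap_bond "$tmp" eth1 eth2 eth3 || echo "sensor is missing traffic from at least one tap leg"
    rm -f "$tmp"
fi
```

A leg that is down or missing means the sensor sees only one direction of the tapped link. The per-slave status is only informative when the bond has link monitoring enabled (the miimon option described in bonding.txt).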
