IDS mailing list archives
Re: IDS using Taps & network bridging
From: Bennett Todd <bet () rahul net>
Date: Wed, 27 Nov 2002 09:38:11 -0500
Rather than bridging the eth interfaces, try bonding them; the invocations looks something like grep bond0 /etc/modules.conf >/dev/null || \ echo alias bond0 bonding >>/etc/modules.conf /sbin/ifconfig bond0 promisc up /sbin/ifconfig eth1 up /sbin/ifenslave bond0 eth1 /sbin/ifconfig eth2 up /sbin/ifenslave bond0 eth2 snort -i bond0 ... The bonding interface is described in the kernel Documentation directory, in networking/bonding.txt. When you are doing unnumbered interfaces as above for sniffing, ifenslave(1) whinges a lot, since it wants to propagate addresses back and forth, to support H-A setups and etherchannel and the like. But just ignore the complaints, it seems to work fine. -Bennett
Attachment:
_bin
Description:
Current thread:
- IDS using Taps & network bridging oobs3c02 (Nov 17)
- RE: IDS using Taps & network bridging Bryan K. Watson (Nov 19)
- Re: IDS using Taps & network bridging nate (Nov 19)
- Re: IDS using Taps & network bridging Bennett Todd (Nov 27)
- <Possible follow-ups>
- RE: IDS using Taps & network bridging Douglas Hart (Nov 21)
- RE: IDS using Taps & network bridging Benninghoff, John (Nov 26)