Snort mailing list archives

Bridge+FireWall+snort


From: data () reypastor hispalinux es (Jesus Climent)
Date: Mon, 3 Dec 2001 16:02:06 +0100

Hi all!

Let's see if someone has already solved this problem:

I have a machine (FreeBSD 4.4) with bridging between 2 net cards. I have
already installed it and set the firewall rules (right now very basic
ones, but all of them rejecting incoming traffic, so no problem)

The idea is to set snort so we can actively deny incoming traffic once
we open it a little more.

The schema is as follows:



 [LocalArea] <--------+         +----------> WAN
                      |         |
                      |         |
                eth0 ***       *** eth1
                     ***       ***
                +---------------------+
                |    ^          ^     |
                |    |          |     |
                |    |          |     |
                |    +-+-----+--+     |
                |      |     |        |
                |    ipfw   snort     |
                |             |       |
                |      ^      |       |
                |      +------+       |
                |                     |
                |  FreeBSD 4.4        |
                +---------------------+


Ok. Now the literature.

The idea is having snort so if we receive some call from an authorized
machine which has been infected, let's say, by nimda, we can dynamically
insert a rule in ipfw denying traffic from that machine to the
LocalArea.

The only problem is that I have not been able to find any traffic using
snort.

I have opened a system from outside and tried to start an alarm by
providing one snort basic rule, but I get no alert message.

Has anyone done something similar?

Please, feel free to send comments or suggestions.

TIA, Jesse.
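
Added example, not part of the original post: one way to prototype the alert-to-ipfw step the message describes. It parses Snort fast-format alert lines and builds (without running) `ipfw add ... deny` commands; the LocalArea range, allowlist, rule numbers, SIDs and sample alert lines are constructed assumptions.

```python
import ipaddress
import re

# Snort "fast" alert: ... [**] [gid:sid:rev] msg [**] ... {PROTO} src[:port] -> dst[:port]
ALERT_RE = re.compile(
    r"\[\*\*\]\s+\[\d+:(?P<sid>\d+):\d+\]\s+.*?\s+\[\*\*\]"
    r".*?\{\w+\}\s+(?P<src>[\d.]+)(?::\d+)?\s+->\s+(?P<dst>[\d.]+)(?::\d+)?"
)
LOCAL_NET = ipaddress.ip_network("192.168.1.0/24")    # assumed LocalArea range
NEVER_BLOCK = {ipaddress.ip_address("198.51.100.1")}  # assumed host that must stay reachable
BASE_RULE = 1000  # assumed free range, numbered below the ipfw allow rules

def parse_alert(line):
    """Return (sid, src, dst) for a fast-alert line, or None if it does not parse."""
    m = ALERT_RE.search(line)
    if not m:
        return None
    try:
        src = ipaddress.ip_address(m.group("src"))
        dst = ipaddress.ip_address(m.group("dst"))
    except ValueError:  # e.g. an octet above 255 in a damaged log line
        return None
    return int(m.group("sid")), src, dst

def block_commands(lines, block_sids):
    """Build one ipfw deny command per new offending source; nothing is executed."""
    blocked, cmds = set(), []
    for line in lines:
        parsed = parse_alert(line)
        if parsed is None:
            continue
        sid, src, dst = parsed
        if sid not in block_sids or dst not in LOCAL_NET:
            continue  # only act on chosen signatures aimed at LocalArea
        if src in NEVER_BLOCK or src in blocked:
            continue  # never lock out allowlisted hosts; one rule per source
        blocked.add(src)
        cmds.append(["ipfw", "add", str(BASE_RULE + len(cmds)), "deny", "ip",
                     "from", str(src), "to", str(LOCAL_NET)])
    return cmds

# Constructed sample alerts (SIDs in the local-rule range, documentation addresses).
SAMPLE = [
    "12/03-16:02:06.000001  [**] [1:1000001:1] constructed worm probe [**] [Priority: 1] {TCP} 203.0.113.7:1042 -> 192.168.1.20:80",
    "12/03-16:02:07.000001  [**] [1:1000001:1] constructed worm probe [**] [Priority: 1] {TCP} 203.0.113.7:1043 -> 192.168.1.21:80",
    "12/03-16:02:08.000001  [**] [1:1000002:1] constructed ping [**] [Priority: 3] {ICMP} 198.51.100.9 -> 192.168.1.20",
    "12/03-16:02:09.000001  [**] [1:1000001:1] constructed worm probe [**] [Priority: 1] {TCP} 198.51.100.1:1100 -> 192.168.1.20:80",
]
if __name__ == "__main__":
    for cmd in block_commands(SAMPLE, {1000001}):
        print(" ".join(cmd))
```

Because the source address in an alert can be spoofed, the allowlist check matters: without it, forged packets could make the bridge block a host it depends on.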

