Snort mailing list archives

don't interrupt traffic when snort inline crashes


From: "Guillaume Daleux" <guillaume.daleux () abovesecurity com>
Date: Sat, 14 Apr 2012 00:06:09 -0400

Hi all,

We decided to use snort inline as an IPS.

We will deploy snort inline on the network and we have one question about what will happen when the machine or snort crashes.

- If our machine crashes, we have a fail open card so traffic will be forwarded. (of course without IPS but we think it's better to not interrupt network traffic)
- My question is if snort crashes, the bridge between our interfaces will be broken but the system will be up so the fail open card will not work as a bridge and we will lose every packet.

How could we resolve this issue to not interrupt traffic after snort crashes?


Thanks for your answer.


 

Guillaume DALEUX

tel : 450.430.8166 x2279 | guillaume.daleux () abovesecurity com

sans frais / toll free : 1.866.430.8166 | fax: 450.430.1858

Managed Security Services | Information Risk Management

Surveillance | Gestion Des Risques Informationnels
203 - 1919 boul. Lionel-Bertrand | Boisbriand | QC | Canada | J7H 1N8

www.abovesecurite.com

 
