Snort mailing list archives

Re: Alerts with the incorrect Source IP (proxy server)


From: beenph <beenph () gmail com>
Date: Thu, 25 Oct 2012 07:04:39 -0400

On Thu, Oct 25, 2012 at 6:57 AM, Heine Lysemose <lysemose () gmail com> wrote:
Hi

I have had some of the same issues and still have.
Another solution was to use a transparent proxy. I'm not able to do this on
our TMG server, which in a setup as a transparent proxy also should be the
default gateway, which is not the case in our network setup.

Could another solution be, since barnyard is not altering the packets, to
have an option in the GUI (Snorby, Sguil, Squert) frontends to select
whether or not to switch the "Orig IP" with the "XFF IP"? This will of
course only work if Barnyard2 will start populating the XFF/EXTRA DATA into
the database. Maybe this will be part of the new database schema?


Yeppers, the new schema will natively support IPV6, EXTRA_DATA, thus
will correctly log them without an issue.

-elz
