Snort mailing list archives

Re: Snort and my VLANs


From: Ayodele Okeowo <aymacro () gmail com>
Date: Fri, 15 Feb 2013 11:14:49 -0500

Unfortunately, I responded to the last thread that showed up on my phone,
then I found out you had solved the problem after I'd hit send. :)

Glad it's working for you, Josh. Enjoy the rest of your day as well.

Ayo


On Fri, Feb 15, 2013 at 11:09 AM, Josh Bitto <jbitto () onlineschool ca> wrote:

I actually resolved this…but since it's Friday and you might not enjoy the
rest of your life without knowing this. :P

We are using Proxmox Virtual Environment with a pfSense firewall…so all
my interfaces are created through that…Turns out I did everything
correctly; I was just being a noob on triggering events.

*From:* Ayodele Okeowo [mailto:aymacro () gmail com]
*Sent:* Friday, February 15, 2013 5:54 AM
*To:* Josh Bitto
*Cc:* snort-users () lists sourceforge net
*Subject:* Re: [Snort-users] Snort and my VLANs

Josh,

YM is right, you will need a distributed IDS to do this. However, what you
can do is place your sensor in a specific VLAN, and then assign that VLAN
to the egress interface of your core switch or edge router before traffic
crosses over to the Internet. This way you would be able to sense and drop
any packets.

And if you want to capture/sniff packets per VLAN, create port mirroring
on a VLAN, then assign that VLAN to the interface where your IDS is plugged
in. All traffic will be mirrored to this interface so you can monitor it
on your IDS.

Are your devices Cisco or Juniper, or a mixed environment?

Ayo

On Thu, Feb 14, 2013 at 4:56 PM, Josh Bitto <jbitto () onlineschool ca>
wrote:

I’m having issues where I am not able to determine if I can actually catch
bad traffic with Snort.

Right now I have Snort in a test lab where I have interfaces WAN, LAN…and
then my VLANs. My firewall does all the routing and has the VLANs set up. So
when I go to testmyids.com and trigger a rule I get the rule triggered on
my WAN interface but not any of my VLANs…

Basically what I’m trying to initiate is if a user brings in a BYOD…I want
to be able to detect anything on that machine when it connects to my
internal VLAN.



_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users

Please visit http://blog.snort.org to stay current on all the latest
Snort news!
