Re: Snort stateless/asymmetric mode

[James Lay <jlay () slave-tothe-box net>]

On 2013-05-08 12:54, Rodolfo Etore wrote:
> Hello all,
>
> Can you please help me with the following situation:
>
> I have two sensors, our network team created a portchannel to connect
> both sensors on the same network, and now the situation we are facing
> is this, the traffic comes into one sensor and gets out trough the
> order sensor, this way snort is not matching any rules, so i would
> like to check with you if there is an way so we can inspect the
> traffic in some sort of stateless mode, because it only matches when
> traffic gets out in the same sensor it got in.
>
> Many thanks for your help.


By sensor are you meaning a different machine/snort instance/interface? 
Could you describe it in a litter more detail?

James

------------------------------------------------------------------------------
Learn Graph Databases - Download FREE O'Reilly Book
"Graph Databases" is the definitive new guide to graph databases and 
their applications. This 200-page book is written by three acclaimed 
leaders in the field. The early access version is available now. 
Download your free book today! http://p.sf.net/sfu/neotech_d2d_may
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!