Snort mailing list archives

Re: My Snort IDS Sensor Detected Metasploit Exploit Attempts


From: Eric G <eric () nixwizard net>
Date: Wed, 23 Apr 2014 12:22:41 -0400

On Wed, Apr 23, 2014 at 12:04 PM, Teo En Ming <teo.en.ming () gmail com> wrote:

Dear Eric G,

I may not be able to tap my outside internet and feed it to Snort because
I am running Snort in a virtual machine, and it's sitting behind a wireless
router. Please look at the attached network diagram and offer me advice on
how I can tap the outside internet and feed it to Snort.

Thank you very much.

Yours sincerely,

Teo En Ming

Teo,

In the past, using VirtualBox I have built a VM with two interfaces
attached to it, one that had the VM's normal management IP and the other
interface had a physical interface from the underlying host passed directly
through into the VirtualBox VM, in order to achieve what you're asking for.
In VirtualBox there's an option to allow promiscuous mode in the VM as
well... http://seclists.org/snort/2012/q4/174 seems to be a thread that
matches up with what I'm describing here.

You would need a managed switch capable of having a SPAN port on the
outside of your wireless router though. Or a hub would be a cheap way to do
it too.

--
Eric
https://www.linkedin.com/in/ericgearhart