Snort mailing list archives

reject without being inline


From: Anthony Sheetz <sheetzam () inspire com>
Date: Wed, 14 Jan 2015 15:15:38 -0500

We have a snort sensor on our network being fed packets using a mirror from
our switch. We'd like to be able to send RST packets using reject rules
without having the sensor inline with our Internet traffic. Is this
possible?

It seems like it should be possible to route RST packets generated by our
snort sensor out through our internet gateway without actually putting
snort in the packet stream, perhaps using iptables rules on the sensor to
rewrite them properly, or direct them out the correct ethernet port to the
gateway, rather than the mirror port.

Has anyone done this?
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users