Snort mailing list archives

Re: Snort IPS in a Virtual Machine


From: Anton Bezkrovny <anton.bezkrovny () lamoda ru>
Date: Tue, 26 Jul 2016 12:57:09 +0300

Hi!

I am trying to find a way to set Snort as IPS in a VM. I can't on host
because it's Windows and I think Snort doesn't work as IPS on Windows.
Suggestions please

We have done it like this:

1. CentOS 7 VM on ESXi, with 3 eth: 2 at L2 in a bridge and 1 at L3 for management

2. Snort + DAQ nfq + Aanval.

3. Get working IPS.



Best regards,

Anton Bezkrovny

Specialist of Audit and Control Information Systems Team

Information Security Department

Lamoda | Letnikovskaya 10, bldg. 5 | Moscow | Russia

+7(495) 640-80-65, Ext. 3229

+7(915) 022-71-97

www.lamoda.ru





*From:* Dave Osbourne [mailto:dave () osbourne uk eu org]
*Sent:* Tuesday, July 26, 2016 11:47 AM
*To:* snort-users () lists sourceforge net
*Subject:* Re: [Snort-users] Snort IPS in a Virtual Machine



Are you bridging VLANs (in IPS mode) or 2 physical interfaces?  I thought
about trying to use it to bridge 2 VLANs with a virtual NIC in each one,
but in the end bought a solid state PC and opted for that out of fear of
the unknown (;

D

On 2016-07-26 03:42, Al Lewis (allewi) wrote:

Use a *nix machine :-)







*Albert Lewis*

ENGINEER.SOFTWARE ENGINEERING

SOURCE*fire*, Inc. now part of *Cisco*

Email: allewi () cisco com



*From: *João Ferreira <joaodsmf1 () gmail com>
*Date: *Monday, July 25, 2016 at 9:19 PM
*To: *'snort-users' <snort-users () lists sourceforge net>
*Subject: *[Snort-users] Snort IPS in a Virtual Machine



I am trying to find a way to set Snort as IPS in a VM. I can't on host
because it's Windows and I think Snort doesn't work as IPS on Windows.
Suggestions please.




_______________________________________________

Snort-users mailing list

Snort-users () lists sourceforge net

Go to this URL to change user options or unsubscribe:

https://lists.sourceforge.net/lists/listinfo/snort-users

Snort-users list archive:

http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users



Please visit http://blog.snort.org to stay current on all the latest Snort news!
