Security Basics mailing list archives
RE: Passive Snort Setup
From: "Jeremi Gosney" <Jeremi.Gosney () motricity com>
Date: Thu, 19 Feb 2009 22:47:54 -0800
Yes, this is possible through ethernet bridging, which will transparently forward frames (not packets, we're operating on layer2 not layer3) between two network segments. In this configuration, the bridged interfaces do not need an IP address. However, it is recommended a third interface is present with an IP address so you may manage the system remotely.

Once the system has been configured as a bridge and is successfully forwarding frames, you can configure iptables and run snort in inline mode.

A quick google search for "snort on ethernet bridge" returned a really good document: http://www.hakin9.org/prt/view/building-ips.html

-----Original Message-----
From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On Behalf Of Daniel Hood
Sent: Thursday, February 19, 2009 4:19 PM
To: security-basics () securityfocus com
Subject: Passive Snort Setup

Is it possible to set up a Snort IDS system with a topology like this:

hosts > switch > Snort-IDS > Router

But, have no ip address on either interface of the snort box and it just forward packets through after checking them for malicious activity? I don't want the snort box to do NAT or be the default gateway, I just want it to passively be there.

Daniel
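The bridge-plus-inline setup the reply describes, written out as an added example (not code from the thread or from the linked document): two unnumbered data interfaces enslaved to a Linux bridge, a separate management interface that is the only one with an address, and an iptables rule that queues forwarded frames to user space for an inline Snort. Interface names (eth0/eth1/eth2), the bridge name, the management address (a TEST-NET-1 value, constructed) and the NFQUEUE number are assumptions; the `sysctl` is needed because bridged frames do not traverse the iptables FORWARD chain unless `bridge-nf-call-iptables` is on. The script defaults to a dry run that prints the commands, so it can be read and checked before being applied as root.

```shell
#!/bin/sh
# Added example, not from the original thread: transparent Linux bridge for
# an inline Snort sensor. Names and addresses below are assumptions.
# Defaults to DRY_RUN=1 (print commands); set DRY_RUN=0 to apply as root.

DRY_RUN="${DRY_RUN:-1}"
BRIDGE="${BRIDGE:-br0}"
IN_IF="${IN_IF:-eth1}"               # toward the switch/hosts (assumed name)
OUT_IF="${OUT_IF:-eth2}"             # toward the router (assumed name)
MGMT_IF="${MGMT_IF:-eth0}"           # management only: the single numbered interface
MGMT_IP="${MGMT_IP:-192.0.2.10/24}"  # constructed example address (TEST-NET-1)
QUEUE="${QUEUE:-0}"                  # NFQUEUE number Snort will read from

# Print the command in a dry run, execute it otherwise.
run() {
    if [ "$DRY_RUN" = "1" ]; then
        printf '%s\n' "$*"
    else
        "$@"
    fi
}

# Build the bridge. Both data interfaces are enslaved, left without any IP
# address and put in promiscuous mode, so frames are forwarded between them at
# layer 2 and the sensor is invisible to the hosts and the router.
build_bridge() {
    run ip link add name "$BRIDGE" type bridge
    for dev in "$IN_IF" "$OUT_IF"; do
        run ip addr flush dev "$dev"           # guarantee the data side stays unnumbered
        run ip link set "$dev" promisc on
        run ip link set "$dev" master "$BRIDGE"
        run ip link set "$dev" up
    done
    run ip link set "$BRIDGE" up
    # Management lives on its own interface, the only one that gets an address.
    run ip addr add "$MGMT_IP" dev "$MGMT_IF"
    run ip link set "$MGMT_IF" up
}

# Make bridged frames visible to iptables and queue the FORWARD chain to user
# space, where an inline Snort (-Q with the nfq DAQ) verdicts each packet.
enable_inline() {
    run sysctl -w net.bridge.bridge-nf-call-iptables=1
    run iptables -I FORWARD -j NFQUEUE --queue-num "$QUEUE"
}

# The Snort invocation that consumes the queue (Snort 2.9-style DAQ syntax;
# the config path is an assumption).
snort_cmdline() {
    printf 'snort -Q --daq nfq --daq-var queue=%s -c /etc/snort/snort.conf\n' "$QUEUE"
}

main() {
    build_bridge
    enable_inline
    echo "# start the sensor with:"
    snort_cmdline
}

main
```

Run it once as a dry run to review the command list, then with `DRY_RUN=0` on the sensor. Until Snort is attached to the queue, packets hitting the NFQUEUE rule are held (or dropped if the queue is full), so the bridge will appear to forward nothing: bring the bridge up first, confirm frames pass, and only then insert the queue rule and start Snort, which is the order the reply suggests.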
Current thread:
- Passive Snort Setup Daniel Hood (Feb 19)
- Re: Passive Snort Setup Ivan . (Feb 19)
- Re: Passive Snort Setup Ray Van Dolson (Feb 19)
- Message not available
- Fwd: Passive Snort Setup Daniel Hood (Feb 20)
- RE: Passive Snort Setup Gould, Scott (Feb 20)
- Message not available
- Re: Passive Snort Setup Javier Reyna (Feb 19)
- RE: Passive Snort Setup Jeremi Gosney (Feb 20)
- Re: Passive Snort Setup Michal Purzynski (Feb 20)