Snort mailing list archives

Connecting snort bidirectionnal.

From: Patrice.Arnal () alcatel fr
Date: Thu, 23 May 2002 09:59:21 +0200

Hello 

I have a little problem with the connection of my SNORT IDS on my provider 
:

I use the "classical" stealth connection with a tap :

Internet -------------TAP----------------Firewall
                      |  |
                  out |  |in
                      |  |
                     SNORT

The problem is : the tap gives me 2 outputs connected to 2 interfaces on 
my Snort box : one for
the outbound traffic and one for the inbound traffic.

So I use two instances of snort to monitor the in and the out, but I can't 
make "activate" rules to work
on the answer.

As my net is full duplex, the "net-men" told me that putting a hub to 
merge the in and out should 
lead to collisions and loss of packets.

Any ideas ?

Patrice ARNAL
ALCANET France
Site d'ILLKIRCH
1 Route du Dr Albert SCHWEITZER
67408 ILLKIRCH CEDEX

_______________________________________________________________

Don't miss the 2002 Sprint PCS Application Developer's Conference
August 25-28 in Las Vegas -- http://devcon.sprintpcs.com/adp/index.cfm

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

Current thread:

Connecting snort bidirectionnal. Patrice . Arnal (May 23)
- Re: Connecting snort bidirectionnal. Jeff Nathan (May 23)