Snort mailing list archives

Previous By Date Next
Previous By Thread Next

AW: Connecting snort bidirectionnal.

From: "Poppi, Sandro" <Sandro.Poppi () wacker com>
Date: Thu, 23 May 2002 11:01:08 +0200
If you're using linux (I think *bsd should have that feature too but I don't
know) you could try to recompile your kernel with channel bonding activated
which gives you one logical interface with 2+ physical interfaces. I use
that configuration when tapping to recombine streams and snort runs well.

Take a look on http://sourceforge.net/projects/bonding

HTH,
Sandro


Hello 

I have a little problem with the connection of my SNORT IDS 
on my provider 
:

I use the "classical" stealth connection with a tap :

Internet -------------TAP----------------Firewall
                      |  |
                  out |  |in
                      |  |
                     SNORT

The problem is : the tap gives me 2 outputs connected to 2 
interfaces on 
my Snort box : one for
the outbound traffic and one for the inbound traffic.

So I use two instances of snort to monitor the in and the 
out, but I can't 
make "activate" rules to work
on the answer.

As my net is full duplex, the "net-men" told me that putting a hub to 
merge the in and out should 
lead to collisions and loss of packets.

Any ideas ?

Patrice ARNAL
ALCANET France
Site d'ILLKIRCH
1 Route du Dr Albert SCHWEITZER
67408 ILLKIRCH CEDEX

_______________________________________________________________

Don't miss the 2002 Sprint PCS Application Developer's Conference
August 25-28 in Las Vegas -- http://devcon.sprintpcs.com/adp/index.cfm

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users



_______________________________________________________________

Don't miss the 2002 Sprint PCS Application Developer's Conference
August 25-28 in Las Vegas -- http://devcon.sprintpcs.com/adp/index.cfm

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
Previous By Date Next
Previous By Thread Next

Current thread: