Snort mailing list archives
Re: router installation?
From: Jason <security () brvenik com>
Date: Mon, 04 Oct 2004 13:16:25 -0400
Jason Haar wrote:
> Jason wrote:
>> Once you have logging figured out you have many options on how to actually configure Snort. You can run multiple instances or have Snort monitor the virtual interface "any". If this were not a firewall then interface bonding might be appropriate to enable selective interface monitoring with a single instance of Snort.
>
> I don't think bonding "disables" using the "raw" Ethernet cards at the same time(?). That could indeed be a usable option (depending on load of course). Bond all the Ethernet cards as "bond0" and monitor that with snort whilst the firewall part carries on doing its job with the "raw" eth* interfaces.
>
> I would suggest specifically installing firewall rules disabling any OUT/FORWARD traffic to bond0 - just to be on the safe side...

My fear is that the bonding could end up mixing the traffic and allow bypass of the firewall. I have not seen or done any testing to validate if it is an issue or not and I have no knowledge of how interface bonding is implemented; however, I suspect it is to support multiple NICs at a single address for more throughput. If this is the case then I would certainly not attempt to intermix them on a firewall. I shy away from doing it because of these unanswered questions. This being a firewall I would want to minimize the opportunity for bypass and stick with separate instances.