Snort mailing list archives
Re: NIDS in the Cloud (was: Snort on Amazon EC2)
From: Eric G <eric () nixwizard net>
Date: Sat, 26 Jan 2013 13:07:10 -0500
On Sat, Jan 26, 2013 at 1:31 AM, Jason Haar <Jason_Haar () trimble com> wrote:
> I can't answer your question, but NIDS in the Cloud is difficult, so I've got a related question. How do people monitor EC2 networks full of Windows servers? No daemonlogger-and-vtun tricks will help snort there... e.g. is anyone instead putting up a Linux gateway and placing their network behind that in order to do it "better"? (i.e. make your snort server the default gateway) ...or I guess you could install snort on every host!! :-)
If you could set up Snort to where it can inject spoofed TCP resets when a rule fires off further upstream from the Windows boxes (e.g. between router hops close to the edge), then in such a network you could have Snort "alongside" the Windows boxes, monitoring the traffic but blocking only when rules fire off.

I guess there might be a timing issue with that though, because by the time the rule's fired off the traffic's already left the network. If future connections from the offending IP were dropped, that'd work though.

--
Eric
http://www.linkedin.com/in/ericgearhart