Snort mailing list archives
Re: Virtual Machines and Hypervisors
From: Juan Camilo Valencia <camilo.valencia13 () gmail com>
Date: Tue, 29 Jan 2013 09:24:08 -0500
Hi Guys,

I thought that maybe the VMs generate some kind of flags in the headers of the protocols to communicate in the network. Basically I can detect the MAC address and associate them with an IP address, however there are scenarios where people can change the MAC address and the method that I use is not valid.

But thanks a lot for your fast answer,

Best Regards,

On Tue, Jan 29, 2013 at 9:06 AM, Joel Esler <jesler () sourcefire com> wrote:

> On Jan 29, 2013, at 7:59 AM, Juan Camilo Valencia <juan.valencia () seguratec com co> wrote:
>
>> Hi Guys,
>>
>> I am trying to find a way to ban virtual machines and hypervisors in our network. I did some quick research and I didn't find anything. Can somebody tell me if there is a way or a method to detect that? One of my ideas is, when the VM is configured in NAT mode, to detect that kind of traffic, but the problem is when the VM is configured in bridge mode.
>
> It's a bit difficult to take care of this task via Snort as it involves tracking host vs. mac address vs. traffic. Snort doesn't help inherently with this. Sourcefire makes another product that does this (it's not open source) in our commercial products.
>
> --
> *Joel Esler*
> Senior Research Engineer, VRT
> OpenSource Community Manager
> Sourcefire

--
JUAN CAMILO VALENCIA VARGAS
Ingeniero de Operaciones
SeguraTec S.A.S
Calle 11 # 43B-50 of 307
Medellín Colombia
*“Choose a job you love, and you will never have to work a day in your life”*
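The MAC-to-IP association described in this message, as an added example that is not part of the original post or of Snort: it classifies observed MAC addresses by the default prefixes hypervisors assign and by the locally-administered bit. The `ip mac` record format, the function names and the sample records are assumptions made for illustration, and the prefix table is a partial list.

```python
# Added example: classify MACs seen in constructed ARP-style "ip mac" records.
# Default MAC prefixes that common hypervisors assign to guests (partial list).
VM_OUIS = {
    "00:05:69": "VMware", "00:0c:29": "VMware",
    "00:1c:14": "VMware", "00:50:56": "VMware",
    "08:00:27": "VirtualBox", "00:15:5d": "Hyper-V",
    "00:16:3e": "Xen", "00:1c:42": "Parallels",
    "52:54:00": "QEMU/KVM",
}

def normalize(mac):
    """Return the MAC as lowercase colon-separated hex, or raise ValueError."""
    digits = mac.lower().replace("-", "").replace(":", "").replace(".", "")
    if len(digits) != 12 or any(c not in "0123456789abcdef" for c in digits):
        raise ValueError("not a MAC address: %r" % mac)
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))

def classify(mac):
    """Return 'vm:<vendor>', 'locally-administered' or 'unclassified'."""
    mac = normalize(mac)
    vendor = VM_OUIS.get(mac[:8])
    if vendor:
        return "vm:" + vendor
    # Bit 0x02 of the first octet marks an address that was set by software
    # rather than burned in, which is worth a second look on a managed LAN.
    if int(mac[:2], 16) & 0x02:
        return "locally-administered"
    # A guest whose MAC was changed to a physical vendor's prefix lands here:
    # this is the limit of MAC-only detection that the message points out.
    return "unclassified"

def scan(records):
    """Return (ip, mac, verdict) for every record that is not unclassified."""
    findings = []
    for line in records:
        ip, mac = line.split()
        verdict = classify(mac)
        if verdict != "unclassified":
            findings.append((ip, normalize(mac), verdict))
    return findings

# Constructed sample input, not captured from any real network.
SAMPLE = [
    "10.0.0.11 00:0C:29:3A:5B:7C",
    "10.0.0.12 08-00-27-12-34-56",
    "10.0.0.13 3c:97:0e:aa:bb:cc",
    "10.0.0.14 02:11:22:33:44:55",
    "10.0.0.15 0050.56ab.cdef",
]
```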
Current thread:
- Virtual Machines and Hypervisors Juan Camilo Valencia (Jan 29)
- Re: Virtual Machines and Hypervisors Joel Esler (Jan 29)
- Re: Virtual Machines and Hypervisors Juan Camilo Valencia (Jan 30)
- Re: Virtual Machines and Hypervisors Joel Esler (Jan 29)
- Re: Virtual Machines and Hypervisors Juan Camilo Valencia (Jan 29)
- Re: Virtual Machines and Hypervisors Ulric Eriksson (Jan 30)
- Re: Virtual Machines and Hypervisors Juan Camilo Valencia (Jan 30)
- Re: Virtual Machines and Hypervisors Joel Esler (Jan 29)
- Message not available
- Fwd: Re: Virtual Machines and Hypervisors Mikael Keri (Jan 29)
- Re: Virtual Machines and Hypervisors Joel Esler (Jan 29)
- Re: Virtual Machines and Hypervisors mikael keri (Jan 29)
- Re: Virtual Machines and Hypervisors Joel Esler (Jan 29)
- Re: Virtual Machines and Hypervisors Juan Camilo Valencia (Jan 30)
- Fwd: Re: Virtual Machines and Hypervisors Mikael Keri (Jan 29)