Snort mailing list archives
Re: Snort with AFPacket
From: waldo kitty <wkitty42 () windstream net>
Date: Mon, 03 Nov 2014 21:22:41 -0500
On 11/3/2014 8:17 PM, James Lay wrote:
> Indeed that is how afpacket is supposed to function. Ideally you're on a machine with three NICs... one for management, and the other two acting as a bridge. Look at NFQ if you're going to be running this on a firewall device.
actually, the machine in question can have 2 to 4 NICs... none are for management... one is for the connection to the WAN and the other three are for up to 3 internal LANs... i believe that the OP is bridging the WAN NIC to one of the internal LAN NICs and that they have only two NICs in their machine... if i'm reading this correctly, they've effectively bypassed everything in the middle between the two NICs that is supposed to be there protecting their internal networks from the WAN traffic... all of that protection is done via iptables and specific handling of certain traffic... snort normally looks at their WAN interface and sees all the traffic in front of iptables before iptables has any chance to handle it...