From: ipfw sponix (sponix2ipfwhotmail.com)
Date: Fri Feb 22 2002 - 08:37:44 CST

    tommy.erikssonctakt.com
    I'm looking to do a setup like this:

                              Net
                               |
                            Router
                               |
                           Snort Box (Doing Ethernet Bridging)
                               |
                            Switch
                               /\
                              /  \
                             /    \
    smb billing etc <-Private || Public Net-> www ftp mail dns

    My question is, could the snort box doing ethernet bridging actually block
    tcp/udp/icmp/etc/etc type packets coming over the network with this approach
    (freebsd or linux) even though it is transparent to the network (I might
    assign an IP for remote access)?

    Thank you very much for your time,
    sponix

    >From: "Tommy Eriksson" <tommy.erikssonctakt.com>
    >To: <snort-userslists.sourceforge.net>
    >Subject: RE: [Snort-users] ipchains problem
    >Date: Fri, 22 Feb 2002 15:14:03 +0100
    >
    >
    >Ok, if I understood you correctly, your setup looks something like this (you
    >stated that your snort box only had one interface):
    >
    >                *********
    >                * Snort *
    >                *********
    >                    |
    >                    |
    >               ***********   ************
    > [Internet]----*   HUB   *---* Firewall *---[Intranet]
    >               ***********   ************
    >
    >If this is the case there is no way for the snort box to block IP traffic to
    >your Intranet.
    >
    >/Tommy
    >
    >-----Original Message-----
    >From: snort-users-adminlists.sourceforge.net
    >[mailto:snort-users-adminlists.sourceforge.net]On Behalf Of
    >drazen.pranicagrokor.hr
    >Sent: den 22 februari 2002 14:22
    >To: Snort
    >Subject: [Snort-users] ipchains problem
    >
    >
    >Hello,
    >Dear Snort users, I urgently need help.
    >One problem takes me a lot of time.
    >In our company we want to improve our security. We have a commercial firewall.
    >We chose snort as our IDS solution. Snort runs on a Linux machine in front of
    >the whole network.
    >The whole IP traffic passes through it. Now, we want to configure ipchains with
    >snort.
    >I found the guardian script that automatically does that. It works ok, but we
    >have a problem with ipchains.
    >When an attack came on the IP address of the Linux machine, ipchains blocked it
    >correctly.
    >(The Linux machine has only one interface.)
    >The problem is that when an attack came on the IP addresses of the commercial
    >firewall (which is behind snort), nothing happened.
    >It seems that ipchains blocks only traffic for the linux server.
    >I failed to manually block other ip addresses.
    >How can we block a whole range of ip addresses?
    >Thanks for any help,
    >Drazen
    >
    >
    >_______________________________________________
    >Snort-users mailing list
    >Snort-userslists.sourceforge.net
    >Go to this URL to change user options or unsubscribe:
    >https://lists.sourceforge.net/lists/listinfo/snort-users
    >Snort-users list archive:
    >http://www.geocrawler.com/redir-sf.php3?list=snort-users
