NEOHAPSIS - Peace of Mind Through Integrity and Insight

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com

Neohapsis > Archives > Snort IDS> current

Re: [Snort-users] Basics of setting up an inline snort installation

From: Heine Lysemose (lysemosegmail.com)
Date: Thu Feb 09 2012 - 10:21:01 CST

Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Hi,

To setup Snort as inline you need 3 network interface and pass your traffic
through a bridge between 2 of the interfaces and a 3. for administration.
You can start Snort with -Q to enable inline.

/Lysemose
On Feb 9, 2012 4:23 PM, "Dave Kelly" <bigdavekellygooglemail.com> wrote:

> Hello,
>
> I'm going to try setting up a new inline configuration, I've only
> tried passive before but would like Snort to be able to drop packets
> it says are bad. I'm trying to work out the IP addressing for it. At
> the moment, I have all my machines in 192.168.1.0/24 with a router at
> 192.168.1.1 and a mirrored port on the switch sending all traffic to
> snort.
>
> It's pretty similar to the Ubuntu getting started guide in the docs
> ("Snort 2.9.2.0 on Ubuntu 10.04 LTS").
>
> I think that to move snort to inline I'm going to need to give it a
> proper IP address and have the traffic pass through it but I can't
> quite work out how to do that without reconfiguring all the hosts to
> have new gateway addresses etc. Any hints to get me going would be
> much appreciated.
>
> Dave.
>
>
> ------------------------------------------------------------------------------
> Virtualization & Cloud Management Using Capacity Planning
> Cloud computing makes use of virtualization - but cloud computing
> also focuses on allowing computing to be delivered as a service.
> http://www.accelacomm.com/jaw/sfnl/114/51521223/
> _______________________________________________
> Snort-users mailing list
> Snort-userslists.sourceforge.net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://www.geocrawler.com/redir-sf.php3?list=snort-users
>
> Please visit http://blog.snort.org to stay current on all the latest
> Snort news!
>

------------------------------------------------------------------------------
Virtualization & Cloud Management Using Capacity Planning
Cloud computing makes use of virtualization - but cloud computing
also focuses on allowing computing to be delivered as a service.
http://www.accelacomm.com/jaw/sfnl/114/51521223/

_______________________________________________
Snort-users mailing list
Snort-userslists.sourceforge.net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!

Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]