Re: [Snort-users] Snort stateless/asymmetric mode

From: Rodolfo Etore (rponteadogmail.com)
Date: Thu May 09 2013 - 10:05:20 CDT


2013/5/8 James Lay <jlayslave-tothe-box.net>

> I do work with a company that has multiple paths out, so I think I know
> where you're at. Solution was/is to have a single machine with multiple
> NICs, have each path get a spanned port, and then use DAQ to listen on
> each interface in each path. Bonus was that one instance of Snort
> handles all external traffic, no matter which path it comes/goes. Hope
> that sorta helps.
>

> James
>
>
Hello boss, I do understand your point of view, but this won't help us at
this point. I would like to know if there's a way I could set Snort to
match on only fragments of the packet, like only the GET or only the
response.

> On May 8, 2013, at 2:16 PM, Rodolfo Etore <rponteadogmail.com> wrote:
>
> Hello, thanks for your quick response here,
>
>
>
> 2013/5/8 James Lay <jlayslave-tothe-box.net>
>
>> On 2013-05-08 12:54, Rodolfo Etore wrote:
>> > Hello all,
>> >
>> > Can you please help me with the following situation:
>> >
>> > I have two sensors, our network team created a port-channel to connect
>> > both sensors on the same network, and now the situation we are facing
>> > is this: the traffic comes into one sensor and goes out through the
>> > other sensor. This way Snort is not matching any rules, so I would
>> > like to check with you if there is a way we can inspect the
>> > traffic in some sort of stateless mode, because it only matches when
>> > traffic goes out through the same sensor it came in on.
>> >
>> > Many thanks for your help.
>>
>>
>> By sensor are you meaning a different machine/snort instance/interface?
>> Could you describe it in a little more detail?
>>
>
> A sensor is basically a machine, and each machine has one bridge with one
> Snort instance running. The two machines have the very same configuration.
> What happens is that in some situations we have the inbound packets through
> one machine and the outbound packets through the second machine; as
> mentioned earlier, this way Snort signatures are not matching.
>
>>
>> James
>>
>>
>> ------------------------------------------------------------------------------
>> Learn Graph Databases - Download FREE O'Reilly Book
>> "Graph Databases" is the definitive new guide to graph databases and
>> their applications. This 200-page book is written by three acclaimed
>> leaders in the field. The early access version is available now.
>> Download your free book today! http://p.sf.net/sfu/neotech_d2d_may
>> _______________________________________________
>> Snort-users mailing list
>> Snort-userslists.sourceforge.net
>> Go to this URL to change user options or unsubscribe:
>> https://lists.sourceforge.net/lists/listinfo/snort-users
>> Snort-users list archive:
>> http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users
>>
>> Please visit http://blog.snort.org to stay current on all the latest
>> Snort news!
>
>
>
>
> --
> Many thanks in advance

--
Many thanks in advance

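The thread's problem, modelled as an added example (this is not code from the thread or from the Snort project): a per-sensor stream tracker only reaches the established state after it has seen both the SYN and the SYN-ACK, so when the request crosses one bridge and the response the other, a rule that behaves like `flow:established` never fires on either sensor, while a content-only rule (what `flow:stateless` does in Snort) still matches the GET. Merging both spans into one packet list, as the earlier reply suggested, restores the stateful match. The packets, addresses, sensor split and the `Packet`, `track_sessions`, `match_rule` and `one_sided_flows` names are all constructed for this illustration and are assumptions, not Snort internals.

```python
"""Toy model of why asymmetric routing breaks stateful Snort rules.

Added example, not code from the thread or from Snort. The packets,
addresses and the split between 'sensor A' and 'sensor B' are
constructed to mirror the setup described in the thread: the request
crosses one bridge, the response the other.
"""
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    sport: int
    dport: int
    flags: str          # "S" = SYN, "SA" = SYN-ACK, "A" = ACK, "PA" = PSH-ACK
    payload: bytes = b""


def flow_key(p):
    """Direction-independent 5-tuple so both halves of a conversation
    map to the same session."""
    a = (p.src, p.sport)
    b = (p.dst, p.dport)
    return (min(a, b), max(a, b))


def track_sessions(packets):
    """Minimal stream tracker: a session counts as established only after
    the tracker has seen the SYN *and* the SYN-ACK. A sensor that sees
    one direction only never gets there."""
    state = defaultdict(lambda: {"syn": False, "synack": False})
    for p in packets:
        s = state[flow_key(p)]
        if p.flags == "S":
            s["syn"] = True
        elif p.flags == "SA":
            s["synack"] = True
    return {k: v["syn"] and v["synack"] for k, v in state.items()}


def match_rule(packets, content, require_established):
    """True if a content rule matches. require_established=True behaves
    like 'flow:established'; False behaves like 'flow:stateless'
    (content match only, no session context)."""
    established = track_sessions(packets)
    for p in packets:
        if content in p.payload:
            if not require_established or established.get(flow_key(p), False):
                return True
    return False


def one_sided_flows(packets):
    """Audit helper: flows where a sensor saw a SYN without a SYN-ACK or
    the reverse. A non-empty result is evidence of asymmetric routing."""
    seen = defaultdict(set)
    for p in packets:
        seen[flow_key(p)].add(p.flags)
    return [k for k, f in seen.items() if ("S" in f) != ("SA" in f)]


# Constructed sample traffic (not captured from any real network).
CLIENT, SERVER = "10.0.0.5", "203.0.113.10"
REQUEST = b"GET /index.html HTTP/1.1\r\nHost: example.test\r\n\r\n"
RESPONSE = b"HTTP/1.1 200 OK\r\nContent-Length: 0\r\n\r\n"

# Outbound (client -> server) crosses sensor A, inbound crosses sensor B.
SENSOR_A = [
    Packet(CLIENT, SERVER, 40000, 80, "S"),
    Packet(CLIENT, SERVER, 40000, 80, "A"),
    Packet(CLIENT, SERVER, 40000, 80, "PA", REQUEST),
]
SENSOR_B = [
    Packet(SERVER, CLIENT, 80, 40000, "SA"),
    Packet(SERVER, CLIENT, 80, 40000, "PA", RESPONSE),
]


def demo():
    """Run the three scenarios from the thread and the asymmetry audit."""
    return {
        # stateful rule on one sensor: no SYN-ACK seen, so no match
        "established_sensor_a": match_rule(SENSOR_A, b"GET /", True),
        # stateless rule on the same sensor: the GET alone is enough
        "stateless_sensor_a": match_rule(SENSOR_A, b"GET /", False),
        # both spans fed to one instance: the stateful rule matches again
        "established_merged": match_rule(SENSOR_A + SENSOR_B, b"GET /", True),
        "asymmetric_flows_on_a": len(one_sided_flows(SENSOR_A)),
        "asymmetric_flows_merged": len(one_sided_flows(SENSOR_A + SENSOR_B)),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

The audit in `one_sided_flows` is the check worth running on a real capture from each bridge before touching rules: if it reports flows, the sensor is not seeing both directions. Dropping to stateless matching does make the GET-only rule fire, but it gives up stream reassembly and any context from the response, so a request split across TCP segments is no longer seen as one string; feeding both spans to a single instance keeps stateful inspection intact.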