Re: how to build an inline ids?

From: buzzdee (reitenba@fh-brandenburg.de)
Date: 11/18/02

    From: buzzdee <reitenba@fh-brandenburg.de>
    To: focus-ids@securityfocus.com
    Date: Mon, 18 Nov 2002 07:04:40 +0100
    
    

    On Saturday 16 November 2002 00:00, spy guy wrote:
    > I have a question and I was hoping someone could help.
    >
    > Is it possible to build an x86 based PC as an in-line IDS?
    >
    > I want to install Snort IDS at home, but have no taps or equipment that
    > can mirror/span ports.
    >
    > Can I build a Linux PC with 2 nics and put it inline between my firewall
    > and adsl modem?
    >
    > I would like to have the NIC's in some sort of 'Stealth mode', so that
    > no IP's are needed and thus my network config will not change. I just
    > want the NIC's to pass traffic in both directions and then run snort to
    > monitor the traffic on both.
    >
    > Is there a way to do this?
    Yes, configure this box as a bridge (your 2 NICs in stealth mode) without
    any IP attached to these interfaces, so that any traffic has to go through
    that box and you can inspect it with snort. Possibly you want to
    administrate the box remotely; then plug a third NIC into the box with an IP
    assigned to it.

    hth
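
The bridge setup described in the reply above, as an added example that is not part of the original thread. It uses current iproute2 commands; the interface names, the management address and the Snort config path are assumptions to adjust for your own box.

```shell
#!/bin/sh
# Added example: transparent bridge for passive Snort monitoring.
# Interface names and the management address are assumptions.
BR=br0                  # bridge device, carries no IP
WAN_IF=eth0             # NIC facing the ADSL modem
LAN_IF=eth1             # NIC facing the firewall
MGMT_IF=eth2            # optional third NIC for remote administration
MGMT_ADDR=192.0.2.10/24 # constructed documentation address

# Print the setup commands, one per line; nothing is executed here.
bridge_plan() {
    echo "ip link add name $BR type bridge"
    for nic in "$WAN_IF" "$LAN_IF"; do
        echo "ip addr flush dev $nic"
        # Stop the kernel auto-assigning an IPv6 link-local address.
        echo "sysctl -w net.ipv6.conf.$nic.disable_ipv6=1"
        echo "ip link set dev $nic master $BR"
        echo "ip link set dev $nic up"
    done
    echo "sysctl -w net.ipv6.conf.$BR.disable_ipv6=1"
    echo "ip link set dev $BR up"
    # Only the management NIC ever gets an address.
    echo "ip addr add $MGMT_ADDR dev $MGMT_IF"
    echo "ip link set dev $MGMT_IF up"
}

# Reads `ip -o addr show` output on stdin; succeeds only when neither
# the bridge nor its member NICs appear (i.e. none holds an address).
no_ip_on_bridge() {
    ! awk '{print $2}' | grep -qxE "$BR|$WAN_IF|$LAN_IF"
}

# Run as root with --apply to build the bridge and start Snort on it.
# The config path below is an assumption (a common default location).
if [ "${1:-}" = "--apply" ]; then
    bridge_plan | sh -e
    ip -o addr show | no_ip_on_bridge || {
        echo "bridge or member NIC still has an address" >&2; exit 1; }
    exec snort -i "$BR" -c /etc/snort/snort.conf
fi
```

Without `--apply` the script only defines the functions, so `bridge_plan` can be reviewed before anything touches the network.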