Re: IDS using Taps & network bridging
From: Bennett Todd (bet@rahul.net)
Date: 11/27/02
- Previous message: Benninghoff, John: "RE: IDS using Taps & network bridging"
- In reply to: oobs3c02@attbi.com: "IDS using Taps & network bridging"
Date: Wed, 27 Nov 2002 09:38:11 -0500
From: Bennett Todd <bet@rahul.net>
To: oobs3c02@attbi.com

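Rather than bridging the eth interfaces, try bonding them; the
invocations look something like

    # make sure the bonding module is loaded when bond0 is referenced
    grep bond0 /etc/modules.conf >/dev/null || \
        echo alias bond0 bonding >>/etc/modules.conf
    # bring up the bond with no address, in promiscuous mode
    /sbin/ifconfig bond0 promisc up
    # enslave both capture interfaces to the bond
    /sbin/ifconfig eth1 up
    /sbin/ifenslave bond0 eth1
    /sbin/ifconfig eth2 up
    /sbin/ifenslave bond0 eth2
    # sniff on the bond
    snort -i bond0 ...
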
The bonding interface is described in the kernel Documentation
directory, in networking/bonding.txt. When you are doing unnumbered
interfaces as above for sniffing, ifenslave(1) whinges a lot, since
it wants to propagate addresses back and forth, to support H-A
setups and etherchannel and the like. But just ignore the
complaints; it seems to work fine.
-Bennett
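
Added example, not part of the original message: a check that both capture interfaces from the commands above are enslaved to bond0 and report link, since a leg that is down silently removes its traffic from what snort sees. It assumes the status text format the Linux bonding driver exposes in /proc/net/bonding/bond0; the function names and the sample status text are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original post.
# check_bond STATUS_FILE IFACE...
# Parses bonding-driver status text (the /proc/net/bonding/<bond> format),
# prints one line per problem, and returns 0 only if every IFACE is a
# slave whose MII status is "up".
check_bond() {
    status_file=$1; shift
    awk -v want="$*" '
        BEGIN { n = split(want, w, " ") }
        /^Slave Interface:/ { cur = $3; seen[cur] = 1; next }
        # The first "MII Status" line describes the bond itself; skip it.
        /^MII Status:/ && cur != "" { mii[cur] = $3 }
        END {
            bad = 0
            for (i = 1; i <= n; i++) {
                if (!(w[i] in seen)) { print w[i] ": not enslaved"; bad = 1 }
                else if (mii[w[i]] != "up") { print w[i] ": link " mii[w[i]]; bad = 1 }
            }
            exit bad
        }' "$status_file"
}

# Constructed sample status: eth1 healthy, eth2 enslaved but link down.
sample_status() {
    cat <<'EOF'
Bonding Mode: load balancing (round-robin)
MII Status: up

Slave Interface: eth1
MII Status: up
Link Failure Count: 0

Slave Interface: eth2
MII Status: down
Link Failure Count: 1
EOF
}

# Use the live status file when present, otherwise the constructed sample.
status=/proc/net/bonding/bond0
tmp=
if [ ! -r "$status" ]; then tmp=$(mktemp); sample_status >"$tmp"; status=$tmp; fi
check_bond "$status" eth1 eth2 || echo "bond0: sensor is missing the legs listed above"
[ -z "$tmp" ] || rm -f "$tmp"
```

Run it from cron or the sensor's start-up script before launching snort; a non-zero return from check_bond means the capture is incomplete.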