Re: Snort inline and iptablesy

lennu_at_codename.fi
Date: 08/23/05

    Date: Tue, 23 Aug 2005 11:07:08 +0300
    To: mike@carstein.c.pl
    
    

    I have lots of computers. Are there any solutions to do centralized snort / iptables inline in an easy way? Any projects I should take a look at?

    On Mon, Aug 22, 2005 at 10:03:38PM +0200, Michal Melewski wrote:
    > On Mon, 22-08-2005 at 05:29 +0000, afshinlamei@gmail.com
    > wrote:
    > > Dear all,
    > > 1- Can I use snort inline+iptables in router (no bridge) mode under linux?
    > Yes, you can. All you have to do is redirect all your incoming (and
    > possibly outgoing) traffic to the QUEUE target in your iptables rules.
    >
    > > 2- What are the performance issues when using snort inline + flexresponse mode?
    > Processor usage is strictly connected with traffic size, but there is
    > constant RAM usage (in my case 20-30 MB of RAM is used).
    > I had no time to do any traffic latency tests.
    >
    > > thanks
    > > afshin
    >
    > --
    > Michael "carstein" Melewski | "We have no future because our present
    > carstein()7thguard.net | is too volatile. We have only risk
    > mobile: 502 545 913 | management. The spinning of the given
    > JID: carstein()gentoo.pl | moment's scenarios. Pattern recognition.
    >
    >

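The router-mode setup described in the quoted reply, as an added example that is not part of the original thread: a dry-run generator that prints the iptables commands for review instead of running them. The interface names (eth0, eth1), the management port (22) and the function names are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: prints (does not execute) the commands that send routed
# traffic to the QUEUE target so snort_inline can inspect it.
# Interface names and the management port are assumptions.

# queue_rules WAN_IF LAN_IF [MGMT_PORT]
queue_rules() {
    wan=$1; lan=$2; mgmt_port=${3:-22}
    # Router (non-bridge) mode: the kernel must forward between interfaces.
    echo "sysctl -w net.ipv4.ip_forward=1"
    # ip_queue is the kernel module behind QUEUE on kernels of this era.
    echo "modprobe ip_queue"
    # Routed packets traverse FORWARD, so both directions are queued there.
    echo "iptables -A FORWARD -i $wan -o $lan -j QUEUE"
    echo "iptables -A FORWARD -i $lan -o $wan -j QUEUE"
    # QUEUE drops packets when no userspace reader is attached, so keep
    # management access to the router itself ahead of the INPUT queue rule.
    echo "iptables -A INPUT -i $lan -p tcp --dport $mgmt_port -j ACCEPT"
    echo "iptables -A INPUT -j QUEUE"
}

# Number of rules that hand packets to userspace; each one fails closed
# (traffic is dropped) whenever snort_inline is not running.
count_queue_rules() {
    queue_rules "$@" | grep -c -- '-j QUEUE'
}

# Usage: sh this_script --print eth0 eth1   (review, then apply as root)
if [ "${1:-}" = "--print" ]; then
    queue_rules "${2:-eth0}" "${3:-eth1}"
fi
```

Because every queued rule fails closed, start snort_inline before applying the FORWARD rules and monitor the process, or routed traffic stops when it exits.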

