[Snort-devel] Re: vlan filter
eric.lauzon at ...1967...
Fri Apr 29 13:30:04 EDT 2005
Instead of patching Snort with VLAN, I would rather recommend
adding VLAN support to your kernel (assuming you run Linux or *BSD),
then creating an alias interface for that VLAN (with vconfig on Linux;
I am sure *BSD has the equivalent tools), and then binding the instance of
Snort to that interface.
[Research & Development]
Above Sécurité / Above Security
Tel: (450) 430-8166
Fax : (450) 430-1858
> -----Original Message-----
> From: snort-devel-admin at lists.sourceforge.net
> [mailto:snort-devel-admin at lists.sourceforge.net] On Behalf Of
> Matt Bell
> Sent: 28 April 2005 13:29
> To: snort-devel at lists.sourceforge.net
> Subject: [Snort-devel] Re: vlan filter
> Forgot to mention how one would use this. In Pass/Alert/Log
> mode I add a rule to the top of my snort.rules file:
> pass tcp any any -> any any (vlan:12;)
> Now I don't have to worry about snort matching on tcp packets
> tagged with vlanid = 12. Please let me know what you think,
> I'm not on this mailing list so CC me on response.
> On Thu, 28 Apr 2005, Matt Bell wrote:
> > Hi,
> > I'm running the latest version of snort 2.3.3 and am monitoring a
> > tagged trunk but wanted snort to ignore all packets in certain vlans.
> > I wrote a detection plugin that allows me to filter out these
> > particular packets.
> > Attached is a patch of the plugin against the latest src.
> > -Matt
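An added example, not Matt Bell's patch (which is not reproduced on this page) and not Snort source: the check a `vlan:12` style match has to make on a raw Ethernet frame, reading the 802.1Q tag and comparing its VLAN ID. The function names and the sample frames are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define ETHERTYPE_8021Q 0x8100u  /* TPID that marks an 802.1Q tagged frame */

/* Return the VLAN ID (0-4095) of an Ethernet frame, -1 if the frame is
 * untagged, or -2 if it is too short to hold the header it claims. */
int frame_vlan_id(const uint8_t *frame, size_t len)
{
    if (len < 14)                      /* dst MAC + src MAC + EtherType */
        return -2;
    uint16_t tpid = (uint16_t)((frame[12] << 8) | frame[13]);
    if (tpid != ETHERTYPE_8021Q)
        return -1;
    if (len < 18)                      /* tag inserts 4 bytes: TPID + TCI */
        return -2;
    uint16_t tci = (uint16_t)((frame[14] << 8) | frame[15]);
    return tci & 0x0FFF;               /* low 12 bits: VID; top 4: PCP/DEI */
}

/* 1 if the frame is tagged with the given VLAN ID, else 0. Untagged and
 * truncated frames never match, so a pass rule built on this check
 * would leave them subject to inspection. */
int frame_matches_vlan(const uint8_t *frame, size_t len, uint16_t vlan)
{
    return frame_vlan_id(frame, len) == (int)vlan;
}

/* Constructed sample frames: header bytes only, payload omitted. */
static const uint8_t tagged_vlan12[18] = {
    0x00,0x11,0x22,0x33,0x44,0x55,  0x66,0x77,0x88,0x99,0xaa,0xbb,
    0x81,0x00,  0x60,0x0c,          /* TCI: PCP 3, VID 12 */
    0x08,0x00 };                    /* inner EtherType: IPv4 */
static const uint8_t untagged[14] = {
    0x00,0x11,0x22,0x33,0x44,0x55,  0x66,0x77,0x88,0x99,0xaa,0xbb,
    0x08,0x00 };

int main(void)
{
    printf("tagged:   vlan=%d match12=%d\n",
           frame_vlan_id(tagged_vlan12, sizeof tagged_vlan12),
           frame_matches_vlan(tagged_vlan12, sizeof tagged_vlan12, 12));
    printf("untagged: vlan=%d match12=%d\n",
           frame_vlan_id(untagged, sizeof untagged),
           frame_matches_vlan(untagged, sizeof untagged, 12));
    return 0;
}
```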