[Snort-devel] Snort forwarding/redirecting traffic based on alert
jesler at ...402...
Thu Oct 4 09:38:46 EDT 2012
On Oct 3, 2012, at 6:46 PM, Mr. Qoheleth <qoheleth26 at ...2499...> wrote:
> I am relatively new to Snort and wanted to do some development using Snort. My goal is to put Snort in-line with the network as an IPS. I would like to forward (or re-direct) traffic matching pre-set rules to a certain computer or IP (say honeypot address or something like that) and then traffic that does not meet any of my alert rules, I would like to direct it to a different system (say another system handling my external routing out of the network.) Do you know of a way to accomplish this?
> I.e., is there a way, using Snort, to inspect network traffic and re-direct traffic based on various alerts/rules/signatures?
> Thank you sooo much for your expertise!
I don't know if the project is still active (last update appears to be 2009) but Honeywall did this:
Senior Research Engineer, VRT
OpenSource Community Manager