[Snort-sigs] Fwd: Snort forwarding/redirecting traffic based on alert

Mr. Qoheleth qoheleth26 at ...2420...
Thu Oct 4 00:36:26 EDT 2012


Hello all,

I am relatively new to Snort and wanted to do some development using Snort.
 My goal is to put Snort in-line with the network as an IPS.  I would like
to forward (or re-direct) traffic matching pre-set rules to a certain
computer or IP (say honeypot address or something like that) and then
traffic that does not meet any of my alert rules, I would like to direct it
to a different system (say another system handling my external routing out
of the network.)  Do you know of a way to accomplish this?

i.e. Is there a way, using Snort to inspect network traffic and re-direct
traffic based on various alert/rules/signatures?

Thank you sooo much for your expertise!
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-sigs/attachments/20121004/1f4faa0b/attachment.html>


More information about the Snort-sigs mailing list