[Snort-sigs] Fwd: Snort forwarding/redirecting traffic based on alert

AllowOverride allowoverride at ...2420...
Thu Oct 4 12:09:49 EDT 2012


i like this idea, this makes sense, i will watch this thread...

On Thu, 2012-10-04 at 00:36 -0400, Mr. Qoheleth wrote:
> Hello all, 
> 
> 
> I am relatively new to Snort and wanted to do some development using
> Snort.  My goal is to put Snort in-line with the network as an IPS.  I
> would like to forward (or re-direct) traffic matching pre-set rules to
> a certain computer or IP (say honeypot address or something like that)
> and then traffic that does not meet any of my alert rules, I would
> like to direct it to a different system (say another system handling
> my external routing out of the network.)  Do you know of a way to
> accomplish this?
> 
> 
> i.e. Is there a way, using Snort to inspect network traffic and
> re-direct traffic based on various alert/rules/signatures?
> 
> 
> Thank you sooo much for your expertise!  
> 
> 
> 
> 
> 
> ------------------------------------------------------------------------------
> Don't let slow site performance ruin your business. Deploy New Relic APM
> Deploy New Relic app performance management and know exactly
> what is happening inside your Ruby, Python, PHP, Java, and .NET app
> Try New Relic at no cost today and get our sweet Data Nerd shirt too!
> http://p.sf.net/sfu/newrelic-dev2dev
> _______________________________________________ Snort-sigs mailing list Snort-sigs at lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/snort-sigs http://www.snort.org Please visit http://blog.snort.org for the latest news about Snort!





More information about the Snort-sigs mailing list