[Snort-users] Asynchronous routing
lance at ...185...
Sat Aug 5 15:26:46 EDT 2000
Routing buddy of mine wanted to know the following about
--- snip snip ---
Our particular network configuration leads to asynchronous routing,
we could in theory do synchronous detection with a sniffer, that
has two input interfaces, one from each core switch. The sniffer
would have to be able to watch both sides of a conversation on
As far as we know, no commercial sniffer is capable of this at this time.
However, we beleive that it is technically feasable. Of course one would
have to keep track of the state of every connection.
Are any of the IDS signatures snort uses reliant upon seeing both sides of the
conversation ? I assume that some are. Could we add a second input to the
packet engine so that it appears as one stream of data from two physical
--- snip snip ----
More information about the Snort-users