[Snort-users] Connecting snort bidirectionnal.

Patrice.Arnal at ...4604... Patrice.Arnal at ...4604...
Thu May 23 01:00:02 EDT 2002


Hello 

I have a little problem with the connection of my SNORT IDS on my provider 
:

I use the "classical" stealth connection with a tap :

Internet -------------TAP----------------Firewall
                      |  |
                  out |  |in
                      |  |
                     SNORT

The problem is : the tap gives me 2 outputs connected to 2 interfaces on 
my Snort box : one for
the outbound traffic and one for the inbound traffic.

So I use two instances of snort to monitor the in and the out, but I can't 
make "activate" rules to work
on the answer.

As my net is full duplex, the "net-men" told me that putting a hub to 
merge the in and out should 
lead to collisions and loss of packets.

Any ideas ?

Patrice ARNAL
ALCANET France
Site d'ILLKIRCH
1 Route du Dr Albert SCHWEITZER
67408 ILLKIRCH CEDEX




More information about the Snort-users mailing list