AW: [Snort-users] Connecting snort bidirectionnal.
Sandro.Poppi at ...3316...
Thu May 23 02:02:03 EDT 2002
If you're using linux (I think *bsd should have that feature too but I don't
know) you could try to recompile your kernel with channel bonding activated
which gives you one logical interface with 2+ physical interfaces. I use
that configuration when tapping to recombine streams and snort runs well.
Take a look on http://sourceforge.net/projects/bonding
> I have a little problem with the connection of my SNORT IDS
> on my provider
> I use the "classical" stealth connection with a tap :
> Internet -------------TAP----------------Firewall
> | |
> out | |in
> | |
> The problem is : the tap gives me 2 outputs connected to 2
> interfaces on
> my Snort box : one for
> the outbound traffic and one for the inbound traffic.
> So I use two instances of snort to monitor the in and the
> out, but I can't
> make "activate" rules to work
> on the answer.
> As my net is full duplex, the "net-men" told me that putting a hub to
> merge the in and out should
> lead to collisions and loss of packets.
> Any ideas ?
> Patrice ARNAL
> ALCANET France
> Site d'ILLKIRCH
> 1 Route du Dr Albert SCHWEITZER
> 67408 ILLKIRCH CEDEX
> Don't miss the 2002 Sprint PCS Application Developer's Conference
> August 25-28 in Las Vegas -- http://devcon.sprintpcs.com/adp/index.cfm
> Snort-users mailing list
> Snort-users at lists.sourceforge.net
> Go to this URL to change user options or unsubscribe:
> Snort-users list archive:
More information about the Snort-users