[Snort-users] Problems with my snort DMZ sensor in another city
adidas30 at ...131...
Tue Jul 20 13:56:05 EDT 2004
This question is more of an architecture/environment
problem than a Snort problem, but I am hoping you can
I have my DMZ switch, which is a managed 3Com switch,
mirroring all DMZ traffic to a stealth interface on my
Snort sensor. I am sending alerts to a
database/management server through my other interface
on our local LAN subnet. Everything works great.
We also have an office in another city without IT
staff. I built another sensor that we want to deploy
on the DMZ in that city. Same type of managed
3Com switch. Both offices are connected through a
frame relay cloud. I can ssh into the sensor through
the LAN connected side. Because they don't have IT
staff we tested a solution here before we send it out
where I temporarily assigned the DMZ homed interface
an IP address on the DMZ subnet, so I can manage that
switch from my city (to initially set up port
mirroring) and then quickly bring the interface back
to stealth mode and keep it there.
My problem is that when I give the stealth
interface an IP address on the DMZ subnet and try to
ping the webserver or anything else on the DMZ (don't
worry, I am doing a ping -I eth1 to ping from the DMZ
homed interface) I get destination unreachable. I
finally called someone there and had them jump on the
webserver and try to ping the temp IP DMZ address I
gave the Snort sensor and they got no reply also.
According to my contact in that office I do have a
link light on both the LAN card and the DMZ card of
the Snort sensor.
So far does anything pop out at you guys that I am
missing? I did pre-test while that sensor machine
and that switch were here before I sent it out. The
switch is working correctly because the web and mail
servers are working fine. Short of a bad cable or
damaged card, I have run out of ideas. Can anyone
shed some light?
Thanks for your time. I know it's kind of a long
involved question but I have run out of ideas and feel
helpless because I have to bother someone each time I
need them to troubleshoot with me.
REPLY TO: adidas3 at ...549...