[Snort-users] Alerts with the incorrect Source IP (proxy server)
lysemose at ...11827...
Thu Oct 25 07:43:55 EDT 2012
Thanks for the confirmation.
On Thu, Oct 25, 2012 at 11:04 AM, beenph <beenph at ...11827...> wrote:
> On Thu, Oct 25, 2012 at 6:57 AM, Heine Lysemose <lysemose at ...11827...>
> > Hi
> > I have had some of the same issues and still have.
> > Another solution was to use a transparent proxy. I'm not able to do this on
> > our TMG server, which in a setup as a transparent proxy should also be the
> > default gateway, which is not the case in our network setup.
> > Could another solution be, since barnyard is not altering the packets, to
> > have an option in the GUI (Snorby, Sguil, Squert) frontends to select
> > whether or not to switch the "Orig IP" with the "XFF IP"? This will of
> > course only work if Barnyard2 will start populating the XFF/EXTRA DATA
> > to the database. Maybe this will be part of the new database schema?
> Yeppers, the new schema will natively support IPv6, EXTRA_DATA thus
> will correctly log them without an issue.