[Snort-users] Snort and my VLANs

Ayodele Okeowo aymacro at ...11827...
Fri Feb 15 11:14:49 EST 2013


Unfortunately, I responded to the last thread that showed up on my phone,
then I found out you solved the problem after I'd hit send. :)

Glad it's working for you Josh. Enjoy the rest of your day as well.

Ayo


On Fri, Feb 15, 2013 at 11:09 AM, Josh Bitto <jbitto at ...16055...> wrote:

> I actually resolved this…but since it's Friday and you might not enjoy the
> rest of your life without knowing this. :P
>
> We are using the Proxmox virtual environment with a pfSense firewall…..so all
> my interfaces are created through that……Turns out I did everything
> correctly; I was just being a noob on triggering events.
>
>
> *From:* Ayodele Okeowo [mailto:aymacro at ...11827...]
> *Sent:* Friday, February 15, 2013 5:54 AM
> *To:* Josh Bitto
> *Cc:* snort-users at lists.sourceforge.net
> *Subject:* Re: [Snort-users] Snort and my VLANs
>
>
> Josh,
>
> YM is right, you will need a distributed IDS to do this; however, what you
> can do is place your sensor in a specific VLAN, and then assign that VLAN
> to the egress interface of your core switch or edge router before traffic
> crosses over to the Internet. This way you would be able to sense and drop
> any packets.
>
> And if you want to capture/sniff packets per VLAN, create a port mirror
> on a VLAN, then assign that VLAN to the interface where your IDS is plugged
> in. All traffic will be mirrored to this interface so you can monitor it
> on your IDS.
>
> Are your devices Cisco or Juniper, or a mixed environment?
>
> Ayo
>
>
> On Thu, Feb 14, 2013 at 4:56 PM, Josh Bitto <jbitto at ...16055...>
> wrote:
>
> I'm having issues where I am not able to determine if I can actually catch
> bad traffic with Snort.
>
> Right now I have Snort in a test lab where I have interfaces WAN, LAN….and
> then my VLANs. My firewall does all the routing and has the VLANs set up. So
> when I go to testmyids.com and trigger a rule I get the rule triggered on
> my WAN interface but not any of my VLANs……
>
> Basically what I'm trying to initiate is: if a user brings in a BYOD…I want
> to be able to detect anything on that machine when it connects to my
> internal VLAN.
>
>
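The deployment Ayo describes (sensor on a mirrored VLAN, a SPAN/mirror session per VLAN feeding the IDS interface) only gives the sensor visibility into a VLAN if that VLAN's frames actually arrive on the monitoring NIC, tags intact. When rules fire on the WAN interface but never on a VLAN interface, the first thing to confirm is which VLAN IDs are really present on the wire the sensor sees. The following is an added example, not code from this thread or from Snort: it parses raw Ethernet frames, walks any 802.1Q (and 802.1ad outer) tags, counts frames per tag stack, and reports which of the VLANs you expected to be mirrored never showed up. The frames here are constructed inline for illustration; in practice you would feed it frames read from the sensor's mirror-port interface (a raw socket or a pcap export). The `expected` set of VLAN IDs is an assumption you replace with your own.

```python
import struct
from collections import Counter

ETHERTYPE_VLAN = 0x8100   # IEEE 802.1Q tag
ETHERTYPE_QINQ = 0x88A8   # IEEE 802.1ad outer (service) tag


def parse_frame(frame: bytes) -> dict:
    """Split one raw Ethernet frame into MACs, the VLAN tag stack
    (outer to inner) and the EtherType/payload that follows the tags."""
    if len(frame) < 14:
        raise ValueError("frame shorter than a minimal Ethernet header")
    dst, src = frame[0:6], frame[6:12]
    offset = 12
    vlans = []
    ethertype = struct.unpack("!H", frame[offset:offset + 2])[0]
    while ethertype in (ETHERTYPE_VLAN, ETHERTYPE_QINQ):
        # Need 4 bytes of tag plus the 2-byte EtherType that follows it.
        if len(frame) < offset + 6:
            raise ValueError("truncated 802.1Q tag")
        tci = struct.unpack("!H", frame[offset + 2:offset + 4])[0]
        vlans.append(tci & 0x0FFF)  # low 12 bits are the VLAN ID (PCP/DEI above)
        offset += 4
        ethertype = struct.unpack("!H", frame[offset:offset + 2])[0]
    return {
        "dst": dst.hex(":"),
        "src": src.hex(":"),
        "vlans": vlans,
        "ethertype": ethertype,
        "payload": frame[offset + 2:],
    }


def vlan_census(frames) -> Counter:
    """Count frames per VLAN tag stack. Untagged frames are keyed by ()."""
    counts = Counter()
    for frame in frames:
        counts[tuple(parse_frame(frame)["vlans"])] += 1
    return counts


def missing_vlans(counts: Counter, expected: set) -> set:
    """VLAN IDs you expected the mirror to deliver but that never appeared
    anywhere in the observed tag stacks (untagged-only traffic means the
    switch or NIC is stripping tags, or the SPAN session is wrong)."""
    seen = {vid for stack in counts for vid in stack}
    return set(expected) - seen


def build_frame(vlan_id=None, ethertype=0x0800,
                payload=b"\x45" + b"\x00" * 19) -> bytes:
    """Constructed sample frame (not captured traffic) with an optional
    single 802.1Q tag; MACs are arbitrary placeholder values."""
    hdr = bytes.fromhex("001122334455") + bytes.fromhex("66778899aabb")
    if vlan_id is not None:
        hdr += struct.pack("!HH", ETHERTYPE_VLAN, vlan_id & 0x0FFF)
    return hdr + struct.pack("!H", ethertype) + payload


if __name__ == "__main__":
    # Constructed sample: two frames on VLAN 10, one on VLAN 20, one untagged.
    sample = [build_frame(10), build_frame(10), build_frame(20), build_frame()]
    census = vlan_census(sample)
    for stack, n in sorted(census.items(), key=lambda kv: (len(kv[0]), kv[0])):
        label = "untagged" if not stack else "/".join(map(str, stack))
        print(f"{label:>10}: {n} frame(s)")
    expected = {10, 20, 30}  # assumption: VLANs the mirror session should carry
    gap = missing_vlans(census, expected)
    if gap:
        print("never seen on the sensor interface:", sorted(gap))
```

Run this against frames captured from the interface Snort listens on; a VLAN that appears in `missing_vlans` is one the sensor cannot alert on no matter how its rules are written, and a census that is entirely untagged on a port that should be a trunk means the tags are being stripped before Snort sees them.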