[Snort-users] Virtual Machines and Hypervisors
Juan Camilo Valencia
juan.valencia at ...16028...
Tue Jan 29 10:00:11 EST 2013
Great thank you, I'm going to try.
On Tue, Jan 29, 2013 at 9:36 AM, Joel Esler <jesler at ...1935...> wrote:
> No, not really (VMs sending identifying traffic), the best detection
> method is detection of multiple macs from a single IP, or multiple IPs from
> a single mac.
> On Jan 29, 2013, at 9:24 AM, Juan Camilo Valencia <
> camilo.valencia13 at ...11827...> wrote:
> Hi Guys,
> I thought that maybe the VMs generate some kind of flags in the headers of
> the protocols to communicate in the network. Basically I can detect the MAC
> address and associate them with an IP address; however, there are scenarios
> where people can change the MAC address, and then the method that I use is not
> valid. But thanks a lot for your fast answer,
> Best Regards,
> On Tue, Jan 29, 2013 at 9:06 AM, Joel Esler <jesler at ...1935...> wrote:
>> On Jan 29, 2013, at 7:59 AM, Juan Camilo Valencia <
>> juan.valencia at ...16028...> wrote:
>> Hi Guys,
>> I am trying to find a way to ban virtual machines and hypervisors in our
>> network. I did some quick research and I didn't find anything.
>> Can somebody tell me if there is a way or a method to detect that? One of my
>> ideas is, when the VM is configured in NAT mode, to detect that kind of traffic,
>> but the problem is when the VM is configured in bridge mode.
>> It's a bit difficult to take care of this task via Snort as it involves
>> tracking host vs. mac address vs. traffic. Snort doesn't help inherently
>> with this.
>> Sourcefire makes another product that does this (it's not open source) in
>> our commercial products.
>> *Joel Esler*
>> Senior Research Engineer, VRT
>> OpenSource Community Manager
> JUAN CAMILO VALENCIA VARGAS
> Operations Engineer
> SeguraTec S.A.S
> Calle 11 # 43B-50 of 307
> Medellín, Colombia
> *“Choose a job you love, and you will never have to work a day in your
JUAN CAMILO VALENCIA VARGAS
Operations Engineer
Calle 11 # 43B-50 of 307
*“Choose a job you love, and you will never have to work a day in your life”
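
The heuristic Joel Esler describes in the thread (multiple MACs from a single IP, or multiple IPs from a single MAC), sketched as an added example that is not part of the original thread and is not Snort or Sourcefire code. It assumes IP/MAC pairs have already been collected from the local segment (for example from ARP monitoring); the input format, sample data and function names are hypothetical.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed sample observations (not real traffic): "sender-IP sender-MAC"
# pairs as they might be exported from ARP monitoring on the local segment.
SAMPLE = """\
192.0.2.10 00:11:22:33:44:55
192.0.2.10 00-11-22-33-44-55
192.0.2.11 00:11:22:33:44:55
192.0.2.20 AA:BB:CC:00:00:01
192.0.2.20 aa:bb:cc:00:00:02
0.0.0.0 aa:bb:cc:00:00:03
0.0.0.0 aa:bb:cc:00:00:04
192.0.2.30 de:ad:be:ef:00:01
not-an-ip de:ad:be:ef:00:02
"""

def normalize_mac(text):
    """Return a lowercase colon-separated MAC, or None if malformed."""
    digits = re.sub(r"[:\-.]", "", text).lower()
    if not re.fullmatch(r"[0-9a-f]{12}", digits):
        return None
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))

def find_anomalies(lines):
    """Return (IPs seen with >1 MAC, MACs seen with >1 IP)."""
    macs_by_ip, ips_by_mac = defaultdict(set), defaultdict(set)
    for line in lines:
        parts = line.split()
        if len(parts) != 2:
            continue
        mac = normalize_mac(parts[1])
        try:
            ip = ipaddress.ip_address(parts[0])
        except ValueError:
            continue
        # 0.0.0.0 is used by hosts with no address yet (DHCP, ARP probes),
        # so counting it would falsely group unrelated MACs under one IP.
        if mac is None or ip.is_unspecified:
            continue
        macs_by_ip[str(ip)].add(mac)
        ips_by_mac[mac].add(str(ip))
    multi_mac = {ip: sorted(m) for ip, m in macs_by_ip.items() if len(m) > 1}
    multi_ip = {mac: sorted(i) for mac, i in ips_by_mac.items() if len(i) > 1}
    return multi_mac, multi_ip

if __name__ == "__main__":
    print(find_anomalies(SAMPLE.splitlines()))
```

Hits are candidates for review rather than proof of a VM: the same one-to-many patterns also come from IP aliases, failover pairs and address reuse after a DHCP lease changes hands.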