[Snort-users] My Snort IDS Sensor Detected Metasploit Exploit Attempts

Eric G eric at ...15503...
Wed Apr 23 12:22:41 EDT 2014


On Wed, Apr 23, 2014 at 12:04 PM, Teo En Ming <teo.en.ming at ...11827...> wrote:

> Dear Eric G,
>
> I may not be able to tap my outside internet and feed it to Snort because
> I am running Snort in a virtual machine, and it's sitting behind a wireless
> router. Please look at the attached network diagram and offer me advice on
> how I can tap the outside internet and feed it to Snort.
>
> Thank you very much.
>
> Yours sincerely,
>
> Teo En Ming
>
Teo,

In the past, using VirtualBox I have built a VM with two interfaces
attached to it, one that had the VM's normal management IP and the other
interface had a physical interface from the underlying host passed directly
through into the Virtualbox VM, in order to achieve what you're asking for.
In Virtualbox there's an option to allow promiscuous mode in the VM as
well... http://seclists.org/snort/2012/q4/174 seems to be a thread that
matches up with what I'm describing here

You would need a managed switch capable of having a SPAN port on the
outside of your wireless router though. Or a hub would be a cheap way to do
it too.

--
Erichttps://www.linkedin.com/in/ericgearhart
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20140423/142df242/attachment.html>


More information about the Snort-users mailing list