
Re: snorting bridges? [ Was: Re: iptables with a linux bridge ]



martin f krafft wrote:
> 
> * Rens Houben <shadur@systemec.nl> [2001.12.03 13:02:50+0100]:
> > Anyways, I've been following this thread and wondering: Is there any
> > reason why snort would or would not work with a bridge?
> 
> snort is a tool that primarily assesses ip, tcp, and application level
> protocols. if you run it on a bridge, it will have a hard time seeing
> any data because the bridge will "relay" before ip is touched. snort
> should still be able to get the data because while the bridging code
> may or may not rewrite the frame and send it out on another interface,
> it does not prevent the encapsulated data from being branched off for
> snort's use. but i am not sure actually.

They who post before searching deserve what they get.  Hogwash (see
http://hogwash.sourceforge.net/ ) is exactly the marriage of snort and a
bridge.  It works quite well, and doesn't have any sort of "hard time"
seeing data.  

wes
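
Added example, not part of the original message and not code from snort or Hogwash: a packet-capture sensor reads whole link-layer frames, so the IP and TCP layers are present in the captured bytes whether or not the host's own IP stack ever handles the packet. The decoder below works from a raw Ethernet frame alone; the frame contents, addresses and the names `decode_frame` and `sample_frame` are constructed for illustration.

```python
import struct

def decode_frame(frame: bytes):
    """Ethernet -> IPv4 -> TCP from one raw frame; None if not TCP/IPv4 or truncated."""
    if len(frame) < 14:
        return None
    off, vlan = 14, None
    ethertype = struct.unpack("!H", frame[12:14])[0]
    if ethertype == 0x8100:                      # 802.1Q tag sits before the real ethertype
        if len(frame) < 18:
            return None
        tci, ethertype = struct.unpack("!HH", frame[14:18])
        off, vlan = 18, tci & 0x0FFF
    if ethertype != 0x0800 or len(frame) < off + 20:
        return None
    ihl = (frame[off] & 0x0F) * 4                # IPv4 header length in bytes
    if frame[off] >> 4 != 4 or ihl < 20 or frame[off + 9] != 6:
        return None                              # not IPv4, bad header, or not TCP
    total_len = struct.unpack("!H", frame[off + 2:off + 4])[0]
    tcp = off + ihl
    if len(frame) < tcp + 20:
        return None
    sport, dport = struct.unpack("!HH", frame[tcp:tcp + 4])
    doff = (frame[tcp + 12] >> 4) * 4            # TCP header length in bytes
    if doff < 20:
        return None
    end = min(len(frame), off + total_len)       # drop Ethernet trailer padding
    return {"vlan": vlan,
            "src": ".".join(map(str, frame[off + 12:off + 16])),
            "dst": ".".join(map(str, frame[off + 16:off + 20])),
            "sport": sport, "dport": dport,
            "payload": frame[tcp + doff:end]}

def sample_frame(payload=b"GET /index.html HTTP/1.0\r\n\r\n", vlan=None):
    """Constructed test frame (documentation addresses, checksums left at zero)."""
    macs = bytes.fromhex("020000000002" "020000000001")
    tag = struct.pack("!HH", 0x8100, vlan) if vlan is not None else b""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40 + len(payload), 0, 0, 64, 6, 0,
                     bytes([192, 0, 2, 10]), bytes([198, 51, 100, 20]))
    tcp = struct.pack("!HHIIBBHHH", 40000, 80, 1, 1, 0x50, 0x18, 8192, 0, 0)
    return macs + tag + struct.pack("!H", 0x0800) + ip + tcp + payload

if __name__ == "__main__":
    print(decode_frame(sample_frame()))
    print(decode_frame(sample_frame(vlan=10)))
```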


