Menu
▾
▴
[Snort-inline-users] snort_inlie and asymetric routing
|
From: aria a. <ari...@ya...> - 2006-03-07 19:51:32
|
Hi and thank you Dear William , so you mean if I use : iptables -A FORWARD -p tcp -j QUEUE and start snort with -Q and disbale : stream4 and stream4 reassembly , my snort should work in inline mode with no problem ? I'm going to assure someone that snort_inline is able to work as IPS in these situation ( asymetric) but as you mentioned we must look carefully to traffic as well . am i right ? also I'd like to know what do you recommend for these situation for an IPS to work with better functionality? With Regards and Excuse me for my bombing questions . Your functionality is greatly reduced as you are only seeing half of the conversation. Disable stream4 and stream4 reassembly and see if you start to get alerts. Regards, Will On 3/7/06, aria asadi <ari...@ya...> wrote: > > Hi , > Would you plz let me know if it's possible to use snort_inline as a IPS in a > network that use Asymetric routing ( my outoging traffic goes to internet > from my router and comes back from my DVB system ) , I'd like to use > snort_inline as bridging IPS between my DVB system and my local network to > capture incomming traffic and check it against snort rules . > With Regards --------------------------------- Yahoo! Mail Bring photos to life! New PhotoMail makes sharing a breeze. |
