
    How to use Snort for traffic shaping purposes?

      FireBean last edited by

      Ever since Layer 7 was removed, it was recommended to use Snort to help with application identification. I see how Snort does this but I don't see how I can link SID to a traffic queue… And there is no guide that I can find that does this and searching forums is not granular enough to find what I'm looking to do.

        bmeeks last edited by

        @FireBean:

        Ever since Layer 7 was removed, it was recommended to use Snort to help with application identification. I see how Snort does this but I don't see how I can link SID to a traffic queue… And there is no guide that I can find that does this and searching forums is not granular enough to find what I'm looking to do.

        Snort cannot be used for any kind of traffic shaping.  That's not its function and it is not designed to understand queues.

        Bill

          FireBean last edited by

          Then why was it even suggested? There is no way to get Snort to tag traffic in a sense for the FIREWALL to drop the traffic in the proper queue?

            bmeeks last edited by

            @FireBean:

            Then why was it even suggested? There is no way to get Snort to tag traffic in a sense for the FIREWALL to drop the traffic in the proper queue?

            No, not without rewriting the binary.  It's an IDS/IPS, not a traffic shaper.  The Level 7 inspecting part you saw in the blog post is about inspecting traffic against specific applications for alerting on it or blocking it, not for shaping it.  So the OpenAppID feature of Snort would allow it to identify and drop Facebook traffic or other social media apps, for example.

            Bill
