Does Snort work on Virtual IP's?
-
Does Snort work on Virtual IP's setup as Proxy ARP's?
If I had a /228 range, does it monitor every virtual IP on WAN?
-
/26 range that is….
-
Yes, it passively listens, IPs are irrelevant.
-
Thx Chris! Happy new years to you and your family and thanks for all the support in 2012!
-
Hate to dig up an old topic but I have Snort running on the WAN interface and a virtual IP newly added to the WAN interface. The same traffic passed through the virtual IP does not trigger Snort blocking or an alert entry in the log. I can run nmap once from a remote host to the WAN IP and it will immediately alert & block but on the virtual IP I can nmap 10x without any effects.
-
Hate to dig up an old topic but I have Snort running on the LAN interface and a virtual IP newly added to the LAN interface. The same traffic passed through the virtual IP does not trigger Snort blocking or an alert entry in the log. I can run nmap once from a remote host to the WAN IP and it will immediately alert & block but on the virtual IP I can nmap 10x without any effects.
Virtual IPs seem to have their own unique problems. Supermule has reported issues with Virtual IPs in his WAN getting blocked (at least that was true with the previous 2.9.2.3 version). Haven't heard from him yet whether or nor the same issue exists with 2.9.4.1.
I have not gotten around to it yet, but I want to build a CARP/Virtual IP environment in VMware and test out Snort and virtual IPs.
Bill
-
I havent updated since we are still seeing a lot of trouble Bill. The latest I run is with your custom code
-
I havent updated since we are still seeing a lot of trouble Bill. The latest I run is with your custom code
Do you perhaps have one firewall you could test the latest code with? I would be really interested in the results from a 2.0.2 box if you have any.
Bill
-
No worries. Will set one up during easter holidays when wife and kids are out shopping :D