[Snort-users] Snort IPS in a Virtual Machine

João Ferreira

Jul 25, 2016, 9:22:00 PM
I am trying to find a way to set Snort as IPS in a VM. I can't on the host because it's Windows, and I think Snort doesn't work as IPS on Windows. Suggestions please.

Al Lewis (allewi)

Jul 25, 2016, 10:44:22 PM
Use a *nix machine :-)



Albert Lewis

ENGINEER.SOFTWARE ENGINEERING

SOURCEfire, Inc. now part of Cisco

Email: all...@cisco.com 

Dave Osbourne

Jul 26, 2016, 5:23:17 AM
Are you bridging VLANs (in IPS mode) or 2 physical interfaces?  I thought about trying to use it to bridge 2 VLANs with a virtual NIC in each one, but in the end bought a solid state PC and opted for that out of fear of the unknown (;

D
Anton Bezkrovny

Jul 26, 2016, 6:24:50 AM

Hi!

>> I am trying to find a way to set Snort as IPS in a VM. I can't on the host because it's Windows, and I think Snort doesn't work as IPS on Windows. Suggestions please

We have done it like this:

1. VM CentOS7 on ESXi, with 3 eth: 2 in L2 in a bridge and 1 L3 for management.
2. Snort + DAQ nfq + Aanval.
3. Get working IPS.


Best regards,

Anton Bezkrovny

Specialist of Audit and Control Information Systems Team

Information Security Department

Lamoda | Letnikovskaya 10, bldg. 5 | Moscow | Russia

+7(495) 640-80-65, Ext. 3229

+7(915) 022-71-97

www.lamoda.ru



Y M

Jul 26, 2016, 6:45:34 AM
Have a look at this document titled "Build IPS Virtual Appliance Based on Vmware ESXi, Snort and Debian Linux" in the documentation section of Snort's website:


Sent from Mobile

B

Jul 26, 2016, 11:55:39 AM
This document doesn’t seem to exist either via the link or via the Snort website documentation. Amazon AWS says expired. 

Thanks

Y M

Jul 26, 2016, 11:59:36 AM
It should be in the documents section of Snort's website, under Snort Deployment Guides, Snort IPS tutorial. The title I posted earlier was the full title of the document.

YM

gamzeka...@gmail.com

Jun 5, 2017, 9:48:18 AM
When I write the command
"snort -Q --daq nfq --daq-mode inline --daq-var queue=0 -c /etc/snort/snort.conf -A Console -l /var/log/snort/"
I get this message:
"HttpInspectConfigCheck() default server configuration not specified
Fatal Error, Quitting.."
What is the problem? Could you help me?
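
Added example, not part of the original thread and not Snort project code: a small check of snort.conf for the condition that is assumed here to produce the "default server configuration not specified" message quoted above, namely an http_inspect global line with no active http_inspect_server "server default" entry. The function names and both sample configurations are constructed for illustration.

```python
import re

# Assumption: Snort 2.x quits with "default server configuration not specified"
# when http_inspect is enabled but no "http_inspect_server: server default"
# line is active. Both sample configs below are constructed.
BROKEN = r"""
preprocessor http_inspect: global iis_unicode_map unicode.map 1252
# preprocessor http_inspect_server: server default \
#     profile all ports { 80 8080 }
preprocessor http_inspect_server: server 10.1.1.1 profile all ports { 80 }
"""
FIXED = r"""
preprocessor http_inspect: global iis_unicode_map unicode.map 1252
preprocessor http_inspect_server: server default \
    profile all ports { 80 8080 }
"""

PREPROC = re.compile(r"^preprocessor\s+(\w+)\s*:\s*(.*)$")

def logical_lines(conf_text):
    """Yield active directives: skip '#' lines, join '\\' continuations."""
    pending = ""
    for raw in conf_text.splitlines():
        line = raw.strip()
        if line.startswith("#"):
            continue  # commented-out directive, including commented continuations
        if line.endswith("\\"):
            pending += line[:-1] + " "
            continue
        if pending or line:
            yield (pending + line).strip()
        pending = ""

def check_http_inspect(conf_text):
    """Return a list of findings; an empty list means the pair is consistent."""
    has_global = has_default = False
    for m in filter(None, map(PREPROC.match, logical_lines(conf_text))):
        name, args = m.groups()
        if name == "http_inspect" and args.startswith("global"):
            has_global = True
        elif name == "http_inspect_server" and re.match(r"server\s+default\b", args):
            has_default = True
    findings = []
    if has_global and not has_default:
        findings.append("http_inspect enabled but no active 'server default' entry")
    if has_default and not has_global:
        findings.append("'server default' present but http_inspect global line missing")
    return findings
```

To check a real file, pass its contents, for example `check_http_inspect(open("/etc/snort/snort.conf").read())`.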
