[LARTC] is packet duplicating possible for ids?

Linux Advanced Routing and Traffic Control

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Hi,
I am a newbie to this all (advanced routing) but would like to know
more :-)

I have a situation where I would like to use tc or any tool to send
all incoming (and perhaps outgoing) traffic not only to itsd
destination but also past a ids snort box. The trouble is that my
external interface to the internet is a pptp connection (ask my
provider why) and thus the ppp0 device. This device is located on a
linuxbox where a pptp connection is made to a adsl modem. The 
gateway
masqeurades then to the internal private network. Normally I would 
set
up the ids on a hub between the gateway and the  modem, but 
since the
connection goes over pptp snort can't see traffic. I do not want to
make the gateway ids, because it is an old machine also web-
serving.

So I am wondering if I can somehow create something equal to a 
sniffer port on a switch and send all traffic comning in/out of ppp0
to an internal ip adress (where snort is).

hope you can help me

hc
Theories come and go, the frog stays [F. Jacob]      
-------------------------------------------------------
Hans-Cees Speel http://www.hanscees.com
pgp public key at http://www.hanscees.com/hcs.asc

Editor "Journal of Memetics Evolutionary Models of Information 
Transmission"
http://www.cpm.mmu.ac.uk/jom-emit
submit papers to the new managing editors at
w.m.dejong@tbm.tudelft.nl or mikeb@media.mit.edu



[Index of Archives]     [LARTC Home Page]     [Netfilter]     [Netfilter Development]     [Network Development]     [Bugtraq]     [GCC Help]     [Yosemite News]     [Linux Kernel]     [Fedora Users]
  Powered by Linux