| Main Archive Page > Month Archives > snort-users archives |
[Snort-users] don't interrupt traffic when snort inline crashes
From: Guillaume Daleux <guillaume.daleux_at_nospam>Date: Sat Apr 14 2012 - 04:06:09 GMT
To: <snort-users@lists.sourceforge.net>
Hi all,
We decided to use snort inline as an IPS.
We will deploy snort inline on network and we have one question about what will happen when machine or snort will crash.
- If our machine crashes, we have a fail open card so traffic will be forward. (of course without IPS but we think it's better to not interrupt network traffic)
- My question is if snort crashes, the bridge between our interface will be broken but the system will be up so fail open card will not work as a bridge and we will lost every packets.
How could we resolve this issue to not interrupt traffic after snort crashes ?
Thanks for your answer.
Guillaume DALEUX
tel : 450.430.8166 x2279 | guillaume.daleux@abovesecurity.com
sans frais / toll free : 1.866.430.8166 | fax: 450.430.1858
Managed Security Services ? Information Risk Management
Surveillance ? Gestion Des Risques Informationnels
203 - 1919 boul. Lionel-Bertrand ? Boisbriand ? QC ? Canada ? J7H 1N8
www.abovesecurite.com
------------------------------------------------------------------------------
For Developers, A Lot Can Happen In A Second.
Boundary is the first to Know...and Tell You.
Monitor Your Applications in Ultra-Fine Resolution. Try it FREE!
http://p.sf.net/sfu/Boundary-d2dvs2
_______________________________________________
Snort-users mailing list
Snort-users@lists.sourceforge.net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
Please visit http://blog.snort.org to stay current on all the latest Snort news!