This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Astaro and PacketAlarm

I’ve Astaro 4.0010 running working fine. Now I would like to use an intrusion detection system (IDS). I downloaded PacketAlarm and installed it. PacketAlarm is configured as Manager/Sensor with two NICs. First NIC (eth0) is connected to the internal LAN and second NIC (eth1) is acting in stealth mode (sniffer).

The Astaro FW has 5 NICs. (exernal, DMZ, internal network). So I have two NICs not in use. Is it possible (does it makes it sense) to connect the IDS box (eth1) directly to the Astaro firewall (eth3) to detect attacks?

Does somebody have experiences with PacketAlarm and Astaro? Were can I find additional information?

This thread was automatically locked due to age.

Parents

0 andreas over 22 years ago

If the NIC is not in use, you won't see much traffic on that interface. Therefore it does not make much sense. What you could do is
a) use an ethertap device in front or after your ASL to connect your sensor or
b) use a hub in front or after your ASL (this has performance implications)
Greets,
andreas
Cancel
Vote Up 0 Vote Down

Cancel

Reply

0 andreas over 22 years ago

If the NIC is not in use, you won't see much traffic on that interface. Therefore it does not make much sense. What you could do is
a) use an ethertap device in front or after your ASL to connect your sensor or
b) use a hub in front or after your ASL (this has performance implications)
Greets,
andreas
Cancel
Vote Up 0 Vote Down

Cancel

Children

No Data