From mboxrd@z Thu Jan 1 00:00:00 1970 From: "Hans-Cees Speel" Date: Tue, 12 Mar 2002 10:19:40 +0000 Subject: [LARTC] is packet duplicating possible for ids? Message-Id: List-Id: MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit To: lartc@vger.kernel.org Hi, I am a newbie to this all (advanced routing) but would like to know more :-) I have a situation where I would like to use tc or any tool to send all incoming (and perhaps outgoing) traffic not only to itsd destination but also past a ids snort box. The trouble is that my external interface to the internet is a pptp connection (ask my provider why) and thus the ppp0 device. This device is located on a linuxbox where a pptp connection is made to a adsl modem. The gateway masqeurades then to the internal private network. Normally I would set up the ids on a hub between the gateway and the modem, but since the connection goes over pptp snort can't see traffic. I do not want to make the gateway ids, because it is an old machine also web- serving. So I am wondering if I can somehow create something equal to a sniffer port on a switch and send all traffic comning in/out of ppp0 to an internal ip adress (where snort is). hope you can help me hc Theories come and go, the frog stays [F. Jacob] ------------------------------------------------------- Hans-Cees Speel http://www.hanscees.com pgp public key at http://www.hanscees.com/hcs.asc Editor "Journal of Memetics Evolutionary Models of Information Transmission" http://www.cpm.mmu.ac.uk/jom-emit submit papers to the new managing editors at w.m.dejong@tbm.tudelft.nl or mikeb@media.mit.edu _______________________________________________ LARTC mailing list / LARTC@mailman.ds9a.nl http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/