Monitor the traffic from interface and pass it to other interface



Dear all,

I have a server with the Ubuntu 8.10 operating system and Bro IDS 1.4, and there are two network interfaces installed in this server, eth0 and eth1.

The interface eth0 is connected to the internet, and the interface eth1 is connected to my special local area network.

How can I make Bro IDS monitor and analyze all the traffic coming from eth0? And after that pass the traffic to eth1?

Regards,

Kaled Hussain
M.Sc. IT Student
UUM


> How can I make Bro IDS monitor and analyze all the traffic come from eth0?

Use
  redef interfaces = "eth0";

in your policy script, or "bro -i eth0 ..." when you execute Bro.

> And after that pass the traffic to eth1?

Bro doesn't have a packet forwarding capability for inline operation.

    Vern

Hello,

I'm not (yet) sure what your exact setup is, but Bro acts as a "viewer" and
is unable to inject data.
Now about your need: if you want to get packets on eth0 and just forward
them to eth1, you may use firewall rules.

With regards,

Jean-Philippe.

* Nasiriyah Iraq <inasiriyah@yahoo.com> [2009-03-06 05:08:16 -0800]:


Hello

Thank you for the reply.
Actually, I want to use Bro as an Intrusion Prevention System, and I want to know which processors or options affect the delay time?

With regards

Kaled Azrane

--- On Sat, 3/7/09, jean-philippe luiggi <jean-philippe.luiggi@didconcept.com> wrote:

> From: jean-philippe luiggi jean-philippe.luiggi@didconcept.com
> Subject: Re: [Bro] Monitor the traffic form interface and pass it to other interface
> To: “Nasiriyah Iraq” <inasiriyah@yahoo…com>
> Cc: bro@ICSI.Berkeley.EDU
> Date: Saturday, March 7, 2009, 8:02 PM
>
> Hello,
>
> I'm not (yet) sure of what's your exact setup but Bro acts as a "viewer" and
> is unable to inject data.
> Now about your need, if you want to get packets on eth0 and just forward
> them to eth1, you may use firewall's rules.
>
> With regards,
>
> Jean-Philippe.
>
> * Nasiriyah Iraq <inasiriyah@yahoo.com> [2009-03-06 05:08:16 -0800]:
>
> > Dear all
> > I have server with Ubuntu 8.10 operating system and Bro Ids 1.4, and there are two network interfaces installed in this server eth0 and eth1.
> > The interface eth0 connected to the internet, and the interface eth1 connected to my special local area network.
> > How can I make Bro IDS monitor and analyze all the traffic come from eth0? And after that pass the traffic to eth1?
