IDS mailing list archives

Re: High availability design of NIDS


From: Jose Maria Lopez Hernandez <jkerouac () bgsec com>
Date: Fri, 25 Feb 2005 13:34:57 +0100

On Thu, 24-02-2005 at 23:22 +0530, John Galt wrote:
Hello! I have been experimenting with NIDS (snort) on Linux, but with
a single sensor only. I worked with snort, coupled with adodb, acid
etc, but didn't come across drbd or heartbeat. Could you please give
me pointers as to what these are, and where I can get more info on
them? Also, if you have some documentation done on the above and it can
be released, it'll be useful if I can go through it.

Am currently running snort on FC2.

Thanks and regards

John Galt

Please read the post I have just sent to the list. It explains
the method I used to implement a high availability snort. It's
not the only method you can use; there are others. And the
really challenging thing is to do this in active-active mode,
which we are already trying with a similar method.

The pointers you ask for are:

heartbeat: It's a system that implements the heartbeat protocol
on Linux. It has made a lot of advances lately, and it's a
very capable system, but somewhat limited to active-passive mode.
The URL is: http://www.linux-ha.org/

drbd: It's a system to implement a RAID-1 over the network in
a cluster of two Linux machines. It's also oriented to active-passive
mode, but it works like a charm in that configuration. It can
have two partitions synced almost in real time and it has a
heartbeat script for implementing the failovers. It can be used
successfully to replicate databases with its C mode of operation,
which uses some kind of transaction system to check that the data is
written successfully at the other end of the system.
The URL is: http://www.drbd.org/

Hope it helps.

Regards.

-- 

Jose Maria Lopez Hernandez
Technical Director, bgSEC
jkerouac () bgsec com
bgSEC Seguridad y Consultoria de Sistemas Informaticos
http://www.bgsec.com
SPAIN

The only people for me are the mad ones -- the ones who are mad to live,
mad to talk, mad to be saved, desirous of everything at the same time,
the ones who never yawn or say a commonplace thing, but burn, burn, burn
like fabulous yellow Roman candles.
                -- Jack Kerouac, "On the Road"


