Snort mailing list archives

Re: Snort forwarding/redirecting traffic based on alert


From: Joel Esler <jesler () sourcefire com>
Date: Thu, 4 Oct 2012 09:38:46 -0400

On Oct 3, 2012, at 6:46 PM, Mr. Qoheleth <qoheleth26 () gmail com> wrote:

I am relatively new to Snort and wanted to do some development using Snort.  My goal is to put Snort in-line with the 
network as an IPS.  I would like to forward (or re-direct) traffic matching pre-set rules to a certain computer or IP 
(say honeypot address or something like that) and then traffic that does not meet any of my alert rules, I would like 
to direct it to a different system (say another system handling my external routing out of the network.)  Do you know 
of a way to accomplish this?

i.e. Is there a way, using Snort, to inspect network traffic and re-direct traffic based on various 
alert/rules/signatures?

Thank you sooo much for your expertise!  

I don't know if the project is still active (last update appears to be 2009) but Honeywall did this:

https://projects.honeynet.org/honeywall/

--
Joel Esler
Senior Research Engineer, VRT
OpenSource Community Manager
Sourcefire
_______________________________________________
Snort-devel mailing list
Snort-devel () lists sourceforge net
https://lists.sourceforge.net/lists/listinfo/snort-devel
