WARNING - OLD ARCHIVES

This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/
   
 
 
 
   
 

xen-users

[Xen-users] Running snort on dom0

To: xen-users@xxxxxxxxxxxxxxxxxxx
Subject: [Xen-users] Running snort on dom0
From: Torsten Lehmann <tlehmann@xxxxxxxxxxxxx>
Date: Wed, 16 May 2007 21:34:14 +0200 (CEST)
> I need to monitor all traffic and block bad requests on my guest
> machines and also on my Xen host. To accomplish this I am thinking of
> installing snort on my dom0 host (rhel5). Has anybody
> tried this? What about performance on guests??

- works identically to fw, sniffer, net-acct...

  --- peth0  ---- eth0 ----- dom0
              |
              --- vif1.0 --- dom1

- snort reads from eth0 by default
- if you want to scan the complete traffic, bind snort to peth0
- if you want to scan dom1, bind snort to vif1.0

Torsten


--
Torsten Lehmann
Launoc

