[Pauldotcom] running Snort on a VirtualBox internal network
Robin Wood
robin at digininja.org
Sat Nov 13 17:39:54 UTC 2010
In an attempt to add Snort to my VirtualBox lab I was wondering if it
was possible to set up a mirror port on a VirtualBox internal network.
The setup I've got is a group of about 6 machines on an internal
network and another machine with two interfaces, one on the internal
network and one bridged to the real world currently running pfSense
(yes, I know pfSense will run Snort but that will only be on traffic
passing through the firewall). I use the pfSense box to open and NAT
different internal machines to the real world so I can fire off
different attacks, for this running Snort on pfSense would help but
I'd also like to have it running on a mirror on the switch so that I
can watch what alerts trigger when I try to pivot inside that network.
I've tried asking on the VirtualBox forums but I don't think they
really understand what I'm trying to setup. Does anyone know if this
is possible and if so how to do it?
Robin
More information about the Pauldotcom
mailing list