Transparent Proxy / Snort

Discussion in 'other firewalls' started by 0peratorX, Feb 17, 2010.

Thread Status:
Not open for further replies.
  1. 0peratorX

    0peratorX Registered Member

    Feb 17, 2010
    After mulling this over in my mind, I am ready to put and end to this:

    HDD / RAM Persistence in something attacking my LAN

    But, before I do, I would like to suffer myself a little longer to try to discover the nature of this "thing" (for my own sense of accomplishment and to make sure that I eliminate it from my machines).

    So, does anyone have any experience in placing a transparent proxy in front of the router?

    My 2003 box has two NICs and I have available a spare HDD that I would like to play with installing Fedora, SUSE or CentOS on to monitor the inbound / outbound traffic after I remove the firewall on the suspect machine.

    Right now, I still have personal files on the local drive, but I am thinking it would be educational and "fun" to finish the stripping process, place it on a separate subnet and "lower the shields" to get a final glimpse of whatever has been ailing me before I swap out the primary drive and begin the process of putting the machine back the way I like it.

    So far, I have found EasyIDS - although I am sure I could just do a vanilla FC install and get Snort.

    Anyway, I suspect that others here may have experience with more "simple" ways of doing this. And that is the impetus for my query...

Thread Status:
Not open for further replies.