is there a way from iptables/iproute to forward all traffic to my IDS and also keep the regular flow

Question

The reason of this, is that to catch all packages into my IDS keeping my existing enviroment, so the IDS does not become a single point of failure. If route all my traffic into my IDS and from my IDS to the internet then if the IDS goes down my whole network goes down and all our production 24/7 services.. not a good idea. any thoughs? Thanks

score 4 · Accepted Answer · edited Mar 20 '17 at 10:16

4

Consider using iptables TEE target. For example:

-t mangle -A PREROUTING -i eth0 -j TEE --gateway <your IDS IP>

More information here and/or here

edited Mar 20 '17 at 10:16

Community

1

answered Jan 09 '15 at 18:27

Eduardo Ramos

268
1
6

Thanks, let me look into this, since all this is on AWS/VPC I do not have control of switches so has to be with software. – merge delete Jan 13 '15 at 20:37

score 0 · Answer 2 · answered Jan 09 '15 at 17:15

0

It is very easy with port mirroring. However it needs expensive switches like cisco.

answered Jan 09 '15 at 17:15

Kazim SARIKAYA

11
3

is there a way from iptables/iproute to forward all traffic to my IDS and also keep the regular flow

2 Answers2