  • Latest Post - ‏2013-01-31T22:01:41Z by seroyer
SystemAdmin
1743 Posts

Pinned topic Network IDS for PowerVM ?

‏2013-01-31T15:53:31Z |
I would like to know if there's a network IDS (Intrusion Detection System) solution for PowerVM, i.e. to monitor the Ethernet communication between the VMs inside the same host?

With VMware, there are "virtual appliances" that you can install inside the host that can interact with the hypervisor.

I'm wondering if there's such a solution for PowerVM.

Thanks.
Updated on 2013-01-31T22:01:41Z by seroyer
  • k0da
    3 Posts

    Re: Network IDS for PowerVM ?

    ‏2013-01-31T16:35:04Z  
    You can try to compile "Snort" for example.
  • SystemAdmin
    1743 Posts

    Re: Network IDS for PowerVM ?

    ‏2013-01-31T20:48:56Z  
    > k0da, 2013-01-31T16:35:04Z:
    > You can try to compile "Snort" for example.

    I know I can compile "snort", but after that I need to redirect all the Ethernet communications from other VMs to the one that has snort. I don't want to change the Ethernet configuration of the other VMs.

    I was wondering if there's a product that can interact directly with the hypervisor or the virtual switch? Or is there a way to configure port mirroring or switched port analyzer (SPAN) on the virtual switch?
  • seroyer
    352 Posts

    Re: Network IDS for PowerVM ?

    ‏2013-01-31T22:01:41Z  
    > I know I can compile "snort", but after that I need to redirect all the Ethernet communications from other VMs to the one that has snort. I don't want to change the Ethernet configuration of the other VMs.
    >
    > I was wondering if there's a product that can interact directly with the hypervisor or the virtual switch? Or is there a way to configure port mirroring or switched port analyzer (SPAN) on the virtual switch?

    There is no such solution today. Direct LPAR to LPAR communication cannot be intercepted by any third party. If you can force all traffic to flow out through an SEA to a physical network, then you could trace it there. You would have to use tricks like ensuring no client LPARs are on the same subnet and their gateways are external to the physical system.

    Steve
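
The two conditions in the last reply (no client LPARs on a shared subnet, gateways outside the physical system) can be audited from an address inventory. The following is an added example, not code from this thread or from IBM; it does not query PowerVM, and the inventory format, LPAR names and addresses are constructed assumptions.

```python
import ipaddress
from itertools import combinations

# Constructed inventory for one physical system:
# (LPAR name, interface address/prefix, default gateway)
LPARS = [
    ("lpar1", "10.1.1.10/24", "10.1.1.1"),
    ("lpar2", "10.1.2.10/24", "10.1.2.1"),
    ("lpar3", "10.1.2.20/24", "10.1.2.1"),   # shares a subnet with lpar2
    ("lpar4", "10.1.3.10/24", "10.1.1.10"),  # gateway is lpar1, inside the system
]


def audit(lpars):
    """Return findings where LPAR-to-LPAR traffic could stay inside the
    physical system and never reach the external network for inspection."""
    ifaces = [
        (name, ipaddress.ip_interface(addr), ipaddress.ip_address(gw))
        for name, addr, gw in lpars
    ]
    findings = []

    # Condition 1: no two client LPARs on the same (or overlapping) subnet,
    # otherwise they talk directly across the virtual switch.
    for (n1, i1, _), (n2, i2, _) in combinations(ifaces, 2):
        if i1.version == i2.version and i1.network.overlaps(i2.network):
            findings.append(("shared-subnet", n1, n2))

    # Condition 2: a gateway must not be an address hosted by an LPAR
    # on this same system, otherwise routing also stays internal.
    local = {iface.ip: name for name, iface, _ in ifaces}
    for name, _, gw in ifaces:
        if gw in local:
            findings.append(("internal-gateway", name, local[gw]))

    return findings


if __name__ == "__main__":
    for finding in audit(LPARS):
        print(*finding)
```

An empty result only confirms these two addressing conditions; it does not show that the external network is actually mirrored to the IDS sensor.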