Firewall Wizards mailing list archives
Re: Snort based Cisco ACL traffic shunning...?
From: Laurent LEVIER <llevier () argosnet com>
Date: Sat, 03 Nov 2001 13:59:44 +0100
Greg, I have Pixes under IOS 5.3.2. Pix logs from what I found are getting more and more poor each new upgrade. CISCO IDS is even a more poor but very expensive "IDS" feature. I setup some progs to detect scans, or bad network behavior with Pix, but they cannot be used anymore now at Pix logs: protocol source to target (ports? what is ports?) My advice: purchase a Shomiti box (700 USD) and put it between Pix & internal network on outgoing traffic (write to pix) and another one you put between Pix & external network (write to pix). You will then have what looks like really an IDS, not a CISCO shit... My 2 cents... @+/L At 08:08 02/11/2001 -0700, J B wrote:
Anyone know of anything anybody's written that configures Cisco PIX (or IOS) ACL's for traffic shunning based on snort alerts? I know guardian can do this with ipf or chains or something. Seems that with the big bucks that Cisco gets for their IDS's because of this feature, that something like this would be out there already. _________________________________________________________ Do You Yahoo!? Get your free @yahoo.com address at http://mail.yahoo.com _______________________________________________ firewall-wizards mailing list firewall-wizards () nfr com http://list.nfr.com/mailman/listinfo/firewall-wizards
Laurent LEVIER IT Systems & Networks, Unix System Engineer, Security Expert Argosnet Security Server : http://www.Argosnet.com "Le Veilleur Technologique", "The Technology Watcher" _______________________________________________ firewall-wizards mailing list firewall-wizards () nfr com http://list.nfr.com/mailman/listinfo/firewall-wizards
Current thread:
- Snort based Cisco ACL traffic shunning...? J B (Nov 03)
- Re: Snort based Cisco ACL traffic shunning...? Laurent LEVIER (Nov 03)
- <Possible follow-ups>
- RE: Snort based Cisco ACL traffic shunning...? Frank Knobbe (Nov 03)