Firewall Wizards mailing list archives

Re: Snort based Cisco ACL traffic shunning...?


From: Laurent LEVIER <llevier () argosnet com>
Date: Sat, 03 Nov 2001 13:59:44 +0100

Greg,

I have Pixes under IOS 5.3.2. Pix logs, from what I have found, are getting poorer and poorer with each new upgrade.

CISCO IDS is an even poorer but very expensive "IDS" feature.

I set up some programs to detect scans or bad network behavior with Pix, but they cannot be used anymore now with Pix logs:
protocol source to target (ports? what is ports?)

My advice: purchase a Shomiti box (700 USD) and put it between the Pix & the internal network on outgoing traffic (write to pix),
and put another one between the Pix & the external network (write to pix).

You will then have what really looks like an IDS, not a CISCO shit...

My 2 cents...

@+/L

At 08:08 02/11/2001 -0700, J B wrote:
Anyone know of anything anybody's written that configures Cisco PIX (or IOS)
ACLs for traffic shunning based on snort alerts?  I know guardian can do
this with ipf or chains or something.  Seems that with the big bucks that
Cisco gets for their IDS's because of this feature, that something like this
would be out there already.



_______________________________________________
firewall-wizards mailing list
firewall-wizards () nfr com
http://list.nfr.com/mailman/listinfo/firewall-wizards

Laurent LEVIER
IT Systems & Networks, Unix System Engineer, Security Expert

Argosnet Security Server : http://www.Argosnet.com
"Le Veilleur Technologique", "The Technology Watcher"

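The shunning asked about in the quoted question, as an added example that is not code from either poster, from guardian, or from Cisco: it reads Snort "fast" alert lines and emits numbered deny entries for repeat offenders. The function names, ACL number 150, the thresholds and the sample alerts are assumptions made for illustration; the output is text for an operator to review, not something pushed to a device.

```python
import ipaddress
import re
from collections import Counter

# Snort "fast" alert tail: [Priority: N] {PROTO} src[:port] -> dst[:port]
ALERT_RE = re.compile(
    r"\[Priority:\s*(?P<prio>\d+)\]\s*\{\w+\}\s*"
    r"(?P<src>\d+\.\d+\.\d+\.\d+)(?::\d+)?\s*->\s*\d+\.\d+\.\d+\.\d+"
)

def parse_alert(line):
    """Return (priority, source address), or None if the line does not parse."""
    m = ALERT_RE.search(line)
    if not m:
        return None
    try:
        return int(m.group("prio")), ipaddress.ip_address(m.group("src"))
    except ValueError:  # malformed address such as 999.1.1.1
        return None

def build_shun_acl(lines, never_block, acl=150, max_prio=2, min_alerts=2):
    """Return 'access-list' lines denying sources with repeated serious alerts."""
    # Alert sources can be spoofed, so the never_block networks (own ranges,
    # DNS, upstream routers) and the min_alerts threshold are what keep the
    # shun list from cutting off legitimate hosts.
    protected = [ipaddress.ip_network(n) for n in never_block]
    hits = Counter()
    for line in lines:
        parsed = parse_alert(line)
        if parsed and parsed[0] <= max_prio:  # Snort priority 1 is most severe
            hits[parsed[1]] += 1
    offenders = sorted(
        ip for ip, count in hits.items()
        if count >= min_alerts and not any(ip in net for net in protected)
    )
    rules = [f"access-list {acl} deny ip host {ip} any" for ip in offenders]
    if rules:
        # Assumption: the list is used purely as a shun list, so everything
        # not denied above must pass the implicit deny at the end of an ACL.
        rules.append(f"access-list {acl} permit ip any any")
    return rules

# Constructed sample alerts using documentation address ranges.
SAMPLE = [
    "11/02-08:08:01.000000  [**] [1:1000001:1] constructed rule [**] [Priority: 1] {TCP} 203.0.113.7:4312 -> 192.0.2.10:80",
    "11/02-08:08:02.000000  [**] [1:1000002:1] constructed rule [**] [Priority: 2] {TCP} 203.0.113.7:4313 -> 192.0.2.10:21",
    "11/02-08:08:03.000000  [**] [1:1000001:1] constructed rule [**] [Priority: 1] {UDP} 192.0.2.53:53 -> 192.0.2.10:1030",
    "11/02-08:08:04.000000  [**] [1:1000001:1] constructed rule [**] [Priority: 1] {UDP} 192.0.2.53:53 -> 192.0.2.10:1031",
    "11/02-08:08:05.000000  [**] [1:1000003:1] constructed rule [**] [Priority: 3] {ICMP} 198.51.100.9 -> 192.0.2.10",
    "11/02-08:08:06.000000  [**] [1:1000003:1] constructed rule [**] [Priority: 3] {ICMP} 198.51.100.9 -> 192.0.2.10",
    "11/02-08:08:07.000000  [**] [1:1000001:1] constructed rule [**] [Priority: 1] {TCP} 198.51.100.20:1111 -> 192.0.2.10:80",
]
```

With the sample above and 192.0.2.0/24 in `never_block`, only 203.0.113.7 is denied: the protected resolver, the low-priority ICMP source and the single-alert source are all left alone.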
