IDS mailing list archives
Re: Ossim
From: Craig Rodenberg <crodenberg () gmail com>
Date: Mon, 26 Sep 2005 12:21:22 -0500
Great tip, Frank! Good stuff. Using snortsam, it should be pretty easy to get OSSIM to display the current status of applied ACLs (active / removed) to routers and firewalls.

Thanks again!

--
Craig Rodenberg, GIAC
Director, Information Security
Red Plaid Hosting

On 9/22/05, Frank Knobbe <frank () knobbe us> wrote:
> On Wed, 2005-09-21 at 13:49 -0500, Craig Rodenberg wrote:
> > The Cisco ACL creation and PIX firewall rule insertion features are what I spent the most time on. The basic functionality for attack blocking is already there, but you'll want to make sure that a DDoS attack (or other spoofed attack) does not cause you to ACL / firewall your network against the entire internet.
> >
> > OSSIM and AAnval seem to be the best "free" NETSEC tools right now.
>
> You might want to check out SnortSAM at http://www.snortsam.net.
>
> Cheers,
> Frank
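
The caveat in the quoted message (a DDoS or other spoofed attack must not cause automated blocking to ACL / firewall the network against the entire internet) can be enforced by a guard placed in front of the blocking agent. The following is an added example, not part of the original thread and not OSSIM or SnortSAM code; the class name, thresholds and addresses are assumptions chosen for illustration.

```python
import ipaddress
from collections import Counter
from dataclasses import dataclass, field

@dataclass
class BlockGuard:
    """Decides whether an IDS alert may become an ACL / firewall block."""
    never_block: list            # networks that must always stay reachable
    max_new_blocks: int = 5      # ceiling on new blocks per window
    window: float = 60.0         # seconds
    ttl: float = 300.0           # seconds before a block is removed again
    active: dict = field(default_factory=dict)   # ip -> expiry time
    recent: list = field(default_factory=list)   # times of recent new blocks

    def expire(self, now):
        """Drop blocks whose TTL has passed; returns the removed addresses."""
        gone = [ip for ip, exp in self.active.items() if exp <= now]
        for ip in gone:
            del self.active[ip]
        return gone

    def request_block(self, src, now):
        ip = ipaddress.ip_address(src)
        self.expire(now)
        if any(ip in net for net in self.never_block):
            return "allowlisted"      # a spoofed alert cannot cut off this host
        if ip in self.active:
            self.active[ip] = now + self.ttl
            return "refreshed"
        self.recent = [t for t in self.recent if now - t < self.window]
        if len(self.recent) >= self.max_new_blocks:
            return "suppressed"       # flood of sources: escalate to a human
        self.recent.append(now)
        self.active[ip] = now + self.ttl
        return "blocked"

def run_demo():
    # Constructed sample data using documentation address ranges.
    guard = BlockGuard([ipaddress.ip_network("10.0.0.0/8"),
                        ipaddress.ip_network("192.0.2.53/32")])
    alerts = [(f"198.51.100.{i + 1}", i * 0.1) for i in range(200)]
    alerts += [("192.0.2.53", 21.0), ("10.1.2.3", 21.5), ("198.51.100.1", 22.0)]
    outcome = Counter(guard.request_block(src, t) for src, t in alerts)
    return guard, outcome

if __name__ == "__main__":
    guard, outcome = run_demo()
    print(dict(outcome), "active blocks:", len(guard.active))
```

With the constructed flood of 200 sources, only the first five become blocks; the rest are suppressed, and the two protected addresses are never blocked regardless of what the alerts claim.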