IDS mailing list archives

Re: Ossim


From: Craig Rodenberg <crodenberg () gmail com>
Date: Mon, 26 Sep 2005 12:21:22 -0500

Great tip, Frank!

Good stuff. Using snortsam, it should be pretty easy to get OSSIM to
display the current status of applied ACLs (active / removed) to
routers and firewalls.

Thanks again!

--
Craig Rodenberg, GIAC
Director, Information Security
Red Plaid Hosting

On 9/22/05, Frank Knobbe <frank () knobbe us> wrote:
> On Wed, 2005-09-21 at 13:49 -0500, Craig Rodenberg wrote:
> The Cisco ACL creation and PIX firewall rule insertion features are
> what I spent the most time on. The basic functionality for attack
> blocking is already there, but you'll want to make sure that a DDoS
> attack (or other spoofed attack) does not cause you to ACL / firewall
> your network against the entire internet.
>
> OSSIM and AAnval seem to be the best "free" NETSEC tools right now.
>
> You might want to check out SnortSAM at http://www.snortsam.net.
>
> Cheers,
> Frank



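The safeguard raised in the thread, keeping a spoofed flood from turning into ACL entries against the entire internet, sketched as an added example. It is not code from OSSIM, SnortSAM or either poster; the `BlockGate` class, its parameters and the sample alerts are hypothetical and constructed for illustration.

```python
import ipaddress
from collections import deque

class BlockGate:
    """Decides whether an IDS alert may become a router/firewall block."""

    def __init__(self, allowlist, max_new_blocks, window_s, ttl_s):
        self.allow = [ipaddress.ip_network(n) for n in allowlist]
        self.max_new = max_new_blocks   # new blocks tolerated per window
        self.window = window_s
        self.ttl = ttl_s                # every block expires on its own
        self.recent = deque()           # timestamps of recently added blocks
        self.blocks = {}                # ip -> expiry time

    def status(self, ip, now):
        """'active' or 'removed', the two states a console would display."""
        return "active" if self.blocks.get(ip, 0) > now else "removed"

    def decide(self, src, now):
        ip = ipaddress.ip_address(src)
        # Never block addresses we depend on, however the alert was triggered.
        if any(ip in net for net in self.allow):
            return "skip-allowlisted"
        if self.status(src, now) == "active":
            return "already-blocked"
        # Drop block timestamps that have aged out of the window.
        while self.recent and self.recent[0] <= now - self.window:
            self.recent.popleft()
        # A burst of new sources looks like spoofing: stop adding ACL entries.
        if len(self.recent) >= self.max_new:
            return "skip-rate-limit"
        self.recent.append(now)
        self.blocks[src] = now + self.ttl
        return "block"

def replay(gate, alerts):
    """alerts: iterable of (timestamp, source_ip); returns the decisions."""
    return [gate.decide(src, ts) for ts, src in alerts]

# Constructed sample: one real offender, then a spoofed flood.
SAMPLE = [(0, "203.0.113.9"), (1, "192.0.2.1"), (2, "203.0.113.9")] + \
         [(3, f"198.51.100.{i}") for i in range(1, 6)]

if __name__ == "__main__":
    gate = BlockGate(["192.0.2.0/24"], max_new_blocks=3, window_s=60, ttl_s=300)
    for alert, verdict in zip(SAMPLE, replay(gate, SAMPLE)):
        print(alert, verdict)
```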



