Snort mailing list archives
RE: snortsam : snort + CheckPoint FW
From: Frank Knobbe <FKnobbe () KnobbeITS com>
Date: Wed, 3 Oct 2001 12:44:02 -0500
-----Original Message-----
From: David Bouscasse [mailto:bouscasse_david () yahoo fr]
Sent: Wednesday, October 03, 2001 3:43 AM

As I didn't see any references to this snort plugin for checkpoint FW1...

URL : http://www.snortsam.net/index.asp
Author : Frank Knobbe

Cheers,
David

David,

actually it had been announced here as well, but I don't mind seconds :)

Anyway, just wanted to give everyone an update (just like Marty did ;)

* By end of Oct: I'm currently engaged in a long project and won't be able to code much until the later part of this month. But by end of October I should have support for the normal OPSEC library (for those platforms that a library is available for). This OPSEC library is to fully comply with Checkpoint's standard. As you know, Snortsam currently assembles its own OPSEC packet (which is actually faster, but is limited to clear text).

* Sometime November: As part of that integration, I'll be changing the blocking code to make it more modular. I'm envisioning a blocking system that can take on any firewall. People have expressed interest in Cisco ACL on-the-fly-rewrites and IPtables/chains/filters.

* Shortly thereafter: Since these other blocking modules do not perform their own timeouts, a main loop will need to be rewritten so that SnortSam itself can expire blocks (i.e. for Cisco ACL rewrites).

* During that process: We'll be giving the option of using UDP instead of TCP. Personally I don't think that's a good idea, but folks were asking for it. (Michael, we need to talk about this some more ;)

* Sometime later: Current communication between snort and snortsam is TwoFish encrypted. The crypto was provided in source to make it easier to move across platforms. However, we are planning on supporting a crypto library to give users the choice of algorithm used.

So, sometime in November, anyone interested should be able to contribute with their own firewall blocking code (i.e. code for time based IPfilter blocks). Another announcement will be made end of this month.

Regards,
Frank

PS: Thanks to Marty for letting me use the snort mail list for snortsam announcements ;) I'll be setting up a snortsam announcement list soon.