Snort mailing list archives

(no subject)

From: "Don Dowling" <dowling_denis () hotmail com>
Date: Fri, 23 Nov 2001 13:48:57 +0800

Hi

I'm looking at snort as a solution to a problem I've been given. Basically, we have a PCAnywhere machine on our 
corporate LAN. We want to allow an external company to access this machine for software updates. Obviously this is a 
security risk so we are looking at solutions that will eliminate this risk. One is to configure a linux firewall with 
scripts to disable all traffic (except PCAnywhere) using iptables when PCAnywhere traffic is detected and to enable all 
other traffic when no PCAnywhere traffic is detected. I'm looking at snort as the means of detecting the traffic but my 
question is can I configure snort to execute a script that will run iptables to disable all other traffic?

Thanks

Denis

Current thread:

(no subject), (continued)
- (no subject) Wayne Bornall (Oct 24)
- (no subject) Wells, Kenneth L (Nov 06)
  - Re: (no subject) snortlst snortlst (Nov 06)
- (no subject) Wells, Kenneth L (Nov 06)
  - Re: (no subject) james (Nov 06)
  - Re: (no subject) Byron York (Nov 06)
- (no subject) jmgraham (Nov 13)
  - Re: (no subject) Guillaume (Nov 14)
- RE: (no subject) Kevin Brown (Nov 14)
- Re: (no subject) Lsalas (Nov 20)
- (no subject) Don Dowling (Nov 22)
  - Re: (no subject) Chris Green (Nov 23)
    - Re: (no subject) Don Dowling (Nov 25)
  - RE: (no subject) Michael Steele (Nov 23)
- (no subject) Radomski, Mike (Nov 26)
  - Re: (no subject) Casey Allen Shobe (Nov 26)
- Re: (no subject) Roman Danyliw (Nov 26)
- (no subject) Eduard Meiler (Nov 27)
  - Re: (no subject) Ralf Hildebrandt (Nov 27)
- RE: (no subject) Marc-Andre Hamelin (Nov 28)
- RE: (no subject) Roman Danyliw (Nov 29)

(Thread continues...)