Snort mailing list archives
Re: (no subject)
From: Chris Green <cmg () uab edu>
Date: Fri, 23 Nov 2001 06:15:13 -0600
"Don Dowling" <dowling_denis () hotmail com> writes:
Hi I'm looking at snort as a solution to a problem I've been given. Basically, we have a PCAnywhere machine on our corporate LAN. We want to allow an external company to access this machine for software updates. Obviously this is a security risk so we are looking at solutions that will eliminate this risk. One is to configure a linux firewall with scripts to disable all traffic (except PCAnywhere) using iptables when PCAnywhere traffic is detected and to enable all other traffic when no PCAnywhere traffic is detected.
Why do you allow everything on macvhines without PCAnywhere?
I'm looking at snort as the means of detecting the traffic but my question is can I configure snort to execute a script that will run iptables to disable all other traffic?
You should write a swatch script to perform the http://oit.ucsb.edu/~eta/swatch/ reconfiguration for the "detected traffic case". I think the correct solution though would be to have your admins VPN to a local machine and then use PC Anywhere to admin. -- Chris Green <cmg () uab edu> Laugh and the world laughs with you, snore and you sleep alone. _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- (no subject), (continued)
- (no subject) Wells, Kenneth L (Nov 06)
- Re: (no subject) snortlst snortlst (Nov 06)
- (no subject) Wells, Kenneth L (Nov 06)
- Re: (no subject) james (Nov 06)
- Re: (no subject) Byron York (Nov 06)
- (no subject) jmgraham (Nov 13)
- Re: (no subject) Guillaume (Nov 14)
- RE: (no subject) Kevin Brown (Nov 14)
- Re: (no subject) Lsalas (Nov 20)
- (no subject) Don Dowling (Nov 22)
- Re: (no subject) Chris Green (Nov 23)
- Re: (no subject) Don Dowling (Nov 25)
- RE: (no subject) Michael Steele (Nov 23)
- Re: (no subject) Chris Green (Nov 23)
- (no subject) Radomski, Mike (Nov 26)
- Re: (no subject) Casey Allen Shobe (Nov 26)
- Re: (no subject) Roman Danyliw (Nov 26)
- (no subject) Eduard Meiler (Nov 27)
- Re: (no subject) Ralf Hildebrandt (Nov 27)
- RE: (no subject) Marc-Andre Hamelin (Nov 28)
- RE: (no subject) Roman Danyliw (Nov 29)
- (no subject) Bhargavi Srivathsan. (Dec 04)
(Thread continues...)
- (no subject) Wells, Kenneth L (Nov 06)