Snort mailing list archives
Re: Automatic blocking with OpenBSD's pf dynamic rules.
From: Matt Kettler <mkettler () evi-inc com>
Date: Thu, 27 Feb 2003 17:03:41 -0500
This tool already exists: http://www.snortsam.net/index.html

This covers OpenBSD pf and FreeBSD ipf, and lots of others.

At 04:32 PM 2/27/2003 -0500, Xavier Guilbeault wrote:
Hi all,

I was wondering if it was possible to issue commands based on alert detections. The goal is to activate dynamic rules to pf (OpenBSD's firewall) when an alert fires off. I was thinking of an output plugin that could be made to do this, but before starting coding I wanted to know if a similar feature already exists.

If you are interested in this dynamic ruleset modification with pf, here is a port from Daniel Hartmeier regarding how he does that.

http://marc.theaimsgroup.com/?l=openbsd-pf&m=104540589312892&w=2

I know that it would need the stream4 preprocessor activated so only full TCP connections are blocked so no one may spoof an IP and block it.

Maybe such a thing may have been done with other firewalls; if it's the case, please enlighten me.

Thank you for your time

Xavier Guilbeault

-------------------------------------------------------
This sf.net email is sponsored by: ThinkGeek
Welcome to geek heaven.
http://thinkgeek.com/sf
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
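The alert-to-pf step discussed in this thread, as an added example (not code from either poster, from SnortSam, or from Snort): it parses Snort fast-format alert lines, keeps only TCP sources, skips an allowlist, and builds `pfctl` table-add commands. The table name `snort_block`, the allowlist and the sample alert lines are constructed, and it assumes stream4 is enabled as the original message describes, so that TCP alerts come from completed connections.

```python
import ipaddress
import re

# Snort "fast" alert format: ... [**] [gid:sid:rev] msg [**] ... {PROTO} src:port -> dst:port
ALERT_RE = re.compile(
    r"\[\*\*\]\s+\[(?P<sid>\d+:\d+:\d+)\]\s+(?P<msg>.*?)\s+\[\*\*\].*?"
    r"\{(?P<proto>\w+)\}\s+(?P<src>\d{1,3}(?:\.\d{1,3}){3})(?::\d+)?\s+->\s+"
    r"(?P<dst>\d{1,3}(?:\.\d{1,3}){3})(?::\d+)?"
)
PF_TABLE = "snort_block"  # hypothetical; pf.conf would need: table <snort_block> persist
# Constructed allowlist: addresses that must never be blocked (own network, loopback).
NEVER_BLOCK = [ipaddress.ip_network(n) for n in ("192.0.2.0/24", "127.0.0.0/8")]

# Constructed sample alerts (documentation address ranges, made-up rule ids).
SAMPLE_ALERTS = """\
02/27-16:32:10.120001  [**] [1:1000001:1] Constructed TCP rule [**] [Priority: 1] {TCP} 203.0.113.7:40112 -> 192.0.2.10:80
02/27-16:32:11.450002  [**] [1:1000002:1] Constructed UDP rule [**] [Priority: 2] {UDP} 198.51.100.9:53 -> 192.0.2.10:1434
02/27-16:32:12.000003  [**] [1:1000001:1] Constructed TCP rule [**] [Priority: 1] {TCP} 192.0.2.1:3312 -> 192.0.2.10:80
02/27-16:32:13.000004  [**] [1:1000001:1] Constructed TCP rule [**] [Priority: 1] {TCP} 203.0.113.7:40113 -> 192.0.2.10:80
""".splitlines()


def block_candidates(lines):
    """Return source IPs worth blocking, in first-seen order, without duplicates."""
    seen, out = set(), []
    for line in lines:
        m = ALERT_RE.search(line)
        if not m:
            continue  # not an alert line
        if m["proto"] != "TCP":
            continue  # UDP/ICMP sources can be spoofed; never auto-block on them
        try:
            src = ipaddress.ip_address(m["src"])
        except ValueError:
            continue  # malformed address such as 999.1.1.1
        if any(src in net for net in NEVER_BLOCK) or src in seen:
            continue  # allowlisted, or already queued for blocking
        seen.add(src)
        out.append(str(src))
    return out


def pfctl_commands(lines):
    """Build argv lists (no shell involved, so alert text cannot inject commands)."""
    return [["pfctl", "-t", PF_TABLE, "-T", "add", ip] for ip in block_candidates(lines)]


if __name__ == "__main__":
    for argv in pfctl_commands(SAMPLE_ALERTS):
        print(" ".join(argv))
```
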