Snort mailing list archives
RES: RES: sending alerts by email / active response Win2K system [RMC-J7FLJI4] [Snort-users]
From: "Romulo M. Cholewa" <rmc () rmc eti br>
Date: Tue, 28 Jan 2003 20:20:44 -0300
Since we had some very useful info on how to receive an email from snort logs, let's see the second question: how to dynamically configure a firewall on Windows with the info provided by snort ? Well, it's possible. My first thought was to use netsh, the Network Shell native command interface. It's possible, but it is not "user friendly" like iptables or ipchains. Then I found pktfilter. http://www.hsc.fr/ressources/outils/pktfilter/ Full documented, not as powerfull as iptables, but now it's a question of time to configure snort / swatch / pktfilter and finally have it. It would be nice to hear from you, if anyone will give it a try. I'll keep the list posted. Regards, Romulo M. Cholewa Home : http://www.rmc.eti.br Forum: http://zeus.rmc.eti.br/forum PGP Keys Available @ website. "Those who make peaceful revolution impossible will make violent revolution inevitable." -- JFK. ]-----Mensagem original----- ]De: Erek Adams [mailto:erek () snort org] ]Enviada em: terça-feira, 28 de janeiro de 2003 19:24 ]Para: Michael Steele ]Cc: 'Erek Adams'; snort-users () lists sourceforge net ]Assunto: RE: RES: sending alerts by email / active response ]Win2K system [RMC-J7FLJI4] ] ] ]On Tue, 28 Jan 2003, Michael Steele wrote: ] ]> Thanks, I required a reboot for some reason. Sending alerts now :) ] ]Hey, what do you expect!??!? It's Windows! ;-P ] ]/me ducks and runs for cover! ] ]----- ]Erek Adams ] ] "When things get weird, the weird turn pro." H.S. Thompson ] ] ]------------------------------------------------------- ]This SF.NET email is sponsored by: ]SourceForge Enterprise Edition + IBM + LinuxWorld = Something ]2 See! http://www.vasoftware.com ]_______________________________________________ ]Snort-users mailing list ]Snort-users () lists sourceforge net ]Go to this URL to change user options or unsubscribe: ]https://lists.sourceforge.net/lists/listinfo/sn]ort-users ] ]Snort-users list archive: ]http://www.geocrawler.com/redir-sf.php3?list=snort-users ] ------------------------------------------------------- This SF.NET email is sponsored by: SourceForge Enterprise Edition + IBM + LinuxWorld = Something 2 See! http://www.vasoftware.com _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- RES: RES: sending alerts by email / active response Win2K system [RMC-J7FLJI4] [Snort-users] Romulo M. Cholewa (Jan 28)
- Re: RES: RES: sending alerts by email / active response Win2K system [RMC-J7FLJI4] [Snort-users] Erek Adams (Jan 28)
- <Possible follow-ups>
- RES: RES: sending alerts by email / active response Win2K system [RMC-J7FLJI4] [Snort-users] Romulo M. Cholewa (Jan 28)
- Re: RES: RES: sending alerts by email / active response Win2K system [RMC-J7FLJI4] [Snort-users] Lok Ying Chung (Jan 28)