Snort mailing list archives
Re: Can snort add a rule to iptables?
From: Matt Kettler <mkettler () evi-inc com>
Date: Wed, 30 Apr 2003 13:28:10 -0400
At 09:30 AM 4/30/2003 -0400, Eduardo Faria wrote:
Hi friends, I am new to the SNORT world. I read the official manual and I have one doubt. Can SNORT match an attack and add some rule to iptables, for example to drop some IP range of addresses?
Snort itself doesn't do such things, however several add-on packages do this. Snortsam, inline-snort, and hogwash are good examples.
Note that the state of hogwash documentation isn't very good at this time, so unless you can get enough docs to fully understand how hogwash works (hint: if you enable forwarding at the kernel level you WILL compromise its firewall) don't use that one. It is very easy to screw up since it works as a "second router" and doesn't interact with iptables or the kernel's own routing (which will continue to run regardless of what hogwash does).
Snortsam seems pretty well documented, however the documentation might mislead you to believe that the use of encryption is done in a manner which provides authentication and integrity of command packets between the two machines it uses. It doesn't (they're using encryption with no MAC of any sort, not even a CRC). Other than that minor discrepancy, it seems to be a fine product; just make sure the wire between the two boxes is a secure network, or is through a separate form of secure tunnel.
I've not looked closely at inline-snort, so I can't comment on how well documented it is or isn't.
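Added example, not part of the original post and not Snortsam's code or wire format: a receiver for blocking commands that checks an HMAC over the encrypted packet before acting on it, which is the authentication and integrity property the reply says encryption alone does not give. The packet layout, function names, the SHA-256 counter-mode stand-in cipher and the sample command are all assumptions made for illustration, and the sequence-number replay check goes slightly beyond what the post discusses.

```python
import hashlib
import hmac
import os
import struct

# Constructed sample command; not a real Snortsam message.
SAMPLE_COMMAND = b"block 192.0.2.10 300"

def _keystream(key: bytes, nonce: bytes, n: int) -> bytes:
    # Stand-in stream cipher (SHA-256 in counter mode) so only the stdlib is needed.
    out, ctr = b"", 0
    while len(out) < n:
        out += hashlib.sha256(key + nonce + struct.pack(">I", ctr)).digest()
        ctr += 1
    return out[:n]

def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def seal(enc_key: bytes, mac_key: bytes, seq: int, command: bytes) -> bytes:
    """Sensor side: 8-byte sequence | 16-byte nonce | ciphertext | 32-byte tag."""
    nonce = os.urandom(16)
    header = struct.pack(">Q", seq) + nonce
    ct = _xor(command, _keystream(enc_key, nonce, len(command)))
    # Encrypt-then-MAC: the tag covers the header and the ciphertext.
    tag = hmac.new(mac_key, header + ct, hashlib.sha256).digest()
    return header + ct + tag

def open_packet(enc_key: bytes, mac_key: bytes, last_seq: int, packet: bytes):
    """Firewall side: return (seq, command) or raise ValueError."""
    if len(packet) < 8 + 16 + 32:
        raise ValueError("short packet")
    header, ct, tag = packet[:24], packet[24:-32], packet[-32:]
    expected = hmac.new(mac_key, header + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):  # constant-time comparison
        raise ValueError("bad MAC")
    seq = struct.unpack(">Q", header[:8])[0]
    if seq <= last_seq:
        raise ValueError("replayed or out-of-order packet")
    return seq, _xor(ct, _keystream(enc_key, header[8:], len(ct)))

def decrypt_without_mac(enc_key: bytes, packet: bytes) -> bytes:
    # Encryption-only receiver: decrypts whatever arrives, altered or not.
    return _xor(packet[24:-32], _keystream(enc_key, packet[8:24], len(packet) - 56))
```

A packet altered on the wire still decrypts without error in decrypt_without_mac, while open_packet rejects it before any rule would be added.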