Snort mailing list archives
Re: Hogwash for Windows
From: "Scot Scot" <scotw () hotmail com>
Date: Thu, 10 Jul 2003 01:25:07 -0500
At 08:44 AM 7/9/2003 -0400, Joe Kinsella wrote:Is there an equivalent of Hogwash for the Windows version of snort? I
have
a good rule set for one of my servers and would like to drop offending packets.From: "Matt Kettler" Sent: Wednesday, July 09, 2003 8:14 PM Given that windows itself does not have a built-in packet filter or firewall along the lines of what iptables is, windows can't do this
without
commercial add-ons. The best you can do is to get snortsam to talk to checkpoint firewall-1, which is a commercial software firewall which runs on windows. This is similar to hogwash, but runs slightly-less realtime, and costs $ for a copy of firewall-1. I'd also advise doing some searching for bugtraq posts on firewall-1 and compare it to the number about other firewalls prior to buying it. I'm not sure if it's better or not, but certainly
worth
doing some minimal research prior to spending money on it. I'm also not sure quite how much FW-1 costs, but I've read it referred to as being a market leader, and a market leader in price as well.
Option 1: Windows has a variety of packet filters. One may configure this using the RRAS (Routing and Remote Access) API's to tag offending IP's and block them, although this requires some MS programming knowledge it is "built-in" to the operating system. Also if you are comfortable working with NDIS intermediary drivers I am aware that there is a capability there also. Option 2-3: IPsec Filtering ICF (Internet Connection Firewall) Available in WinXP & Win2003srv. (Note: ICF provides statful inspection although it is only on inbound traffic). Option 4: On a more practical note, take a look at the following sourceforge project: PktFilter: http://sourceforge.net/projects/pktfilter/ Just my 2.0134 cents worth (tax included) Scot Wiedenfeld ------------------------------------------------------- This SF.Net email sponsored by: Parasoft Error proof Web apps, automate testing & more. Download & eval WebKing and get a free book. www.parasoft.com/bulletproofapps _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- Hogwash for Windows Joe Kinsella (Jul 09)
- <Possible follow-ups>
- Re: Hogwash for Windows Matt Kettler (Jul 09)
- Re: Hogwash for Windows Scot Scot (Jul 10)
- RE: Hogwash for Windows Lars Troen (Jul 10)