Snort mailing list archives
RE: Hogwash for Windows
From: "Lars Troen" <Lars.Troen () proxycom no>
Date: Thu, 10 Jul 2003 11:23:45 +0200
The best you can do is to get snortsam to talk to checkpoint firewall-1, which is a commercial software firewall which runs on windows.
Well... It's not limited to fw-1. Snortsam now supports fw1, pix, cisco routers, netscreen, ipf, pf, ipchains and more... These doesn't support win32 (except fw1), but might be somewhat likely that you're having a cisco router as your internet router.
This is similar to hogwash, but runs slightly-less realtime, and costs $ for a copy of firewall-1. I'd also advise doing some searching for bugtraq posts on firewall-1 and compare it to the number about other firewalls prior to buying it. I'm not sure if it's better or not, but certainly worth doing some minimal research prior to spending money on it.
Firewall-1 can also function similarly as hogwash do by itself now. With it's "Application Intelligence" and SmartDefense functionality (available in FP3 and FP4) you can define your own regex strings that triggers the firewall. Some default rules for CodeRed, Nimda etc are included and you can subscribe to updates from checkpoint for some $. Lars ------------------------------------------------------- This SF.Net email sponsored by: Parasoft Error proof Web apps, automate testing & more. Download & eval WebKing and get a free book. www.parasoft.com/bulletproofapps _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- Hogwash for Windows Joe Kinsella (Jul 09)
- <Possible follow-ups>
- Re: Hogwash for Windows Matt Kettler (Jul 09)
- Re: Hogwash for Windows Scot Scot (Jul 10)
- RE: Hogwash for Windows Lars Troen (Jul 10)