Snort mailing list archives
Re: Snort 2.6 working with Snortsam, Redhat and a Cisco ASA
From: "Paul Melson" <pmelson () gmail com>
Date: Thu, 5 Apr 2007 17:16:47 -0400
On 4/5/07, Lang, Robert <Robert.Lang () suny edu> wrote:
Has anyone had any luck getting rule blocking working with Snortsam and a Cisco ASA? It works like a charm with our Watchguard Firewall, but with our PIX/ASA I always get a message that says "Error: [pix] Did not receive a response waiting for logon prompt from PIX at x.x.x.x".
Using telnet to manage firewalls? Tsk-tsk. :-) The problem is either that: 1) Cisco routers and firewalls by default skip the standard "login:" prompt most telnet servers offer up and go right to "Password:" Use the 'pix' directive in your snortsam conf file instead: pix 10.0.0.1 [telnetpass] [enablesecret] [config] 2) You *are* using the pix directive and you have AAA user authentication turned on on the PIX and it *is* generating a "login:" prompt. Use: pix 10.0.0.1 [user]/[password] [enablesecret] [config] Seriously, though, I would consider building Snort with flexresp and modifying those rules that pertain to you to fire off ICMP type 3 or TCP RST packets that will cause whatever firewall to drop the connection. Then you can turn telnet off. :-) PaulM ------------------------------------------------------------------------- Take Surveys. Earn Cash. Influence the Future of IT Join SourceForge.net's Techsay panel and you'll get the chance to share your opinions on IT & business topics through brief surveys-and earn cash http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- Snort 2.6.1.3 ignoring stream4 Paul Melson (Apr 05)
- Snort 2.6 working with Snortsam, Redhat and a Cisco ASA Lang, Robert (Apr 05)
- Re: Snort 2.6 working with Snortsam, Redhat and a Cisco ASA Paul Melson (Apr 05)
- Re: Snort 2.6 working with Snortsam, Redhat and a Cisco ASA Joel Esler (Apr 05)
- Re: Snort 2.6 working with Snortsam, Redhat and a Cisco ASA Paul Melson (Apr 05)
- Re: Snort 2.6.1.3 ignoring stream4 Adam Keeton (Apr 05)
- Re: Snort 2.6.1.3 ignoring stream4 Joel Esler (Apr 05)
- Re: Snort 2.6.1.3 ignoring stream4 Paul Melson (Apr 06)
- Re: Snort 2.6.1.3 ignoring stream4 Joel Esler (Apr 06)
- Re: Snort 2.6.1.3 ignoring stream4 Paul Melson (Apr 06)
- Re: Snort 2.6.1.3 ignoring stream4 Darryl Taylor (Apr 06)
- Re: Snort 2.6.1.3 ignoring stream4 Paul Melson (Apr 07)
- Re: Snort 2.6.1.3 ignoring stream4 Paul Melson (Apr 06)
- Re: Snort 2.6.1.3 ignoring stream4 Paul Melson (Apr 16)
- Re: Snort 2.6.1.3 ignoring stream4 Frank Knobbe (Apr 18)
- Snort 2.6 working with Snortsam, Redhat and a Cisco ASA Lang, Robert (Apr 05)