Re: Snort Triggered Shun on Cisco ASA

[Joel Esler <jesler () sourcefire com>]

Inline

--
Sent from my iPhone

On Jun 30, 2009, at 4:47 AM, Steven King <sking () kingrst com> wrote:

> Has anyone configured Snort to trigger a shun command on a Cisco ASA
> device in an Inline IPS configuration or with NIDS?

Snort is a nids and an ips by itself without interacting with an Asa  
box. We call this "inline" mode.    As for being able to shun from  
snort, as far as I know, you can't do that.  There is a patch for  
Snort called "snortsam" that enables Snort to interact with other  
appliances, however, I don't know if it has "Asa" capability. I know  
it used to have pix.  I also don't know how recently it was updated.

> If so, could you please point me in the right direction to possibly
> implement this? How effective is this setup?

Depends on what you are trying to do. Explain that first.


> Thanks!
>
> -- 
> Steve King
>
> Network Engineer - Liquid Web, Inc.
> Cisco Certified Network Professional
> CompTIA Linux+ Certified Professional
> CompTIA A+ Certified Professional
>
>
> --- 
> --- 
> --- 
> ---------------------------------------------------------------------
> _______________________________________________
> Snort-users mailing list
> Snort-users () lists sourceforge net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://www.geocrawler.com/redir-sf.php3?list=snort-users

------------------------------------------------------------------------------
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users