Snort mailing list archives
Re: Barnyard2 and Snortsam for 2.9.7.0
From: Sec_Aficionado <secaficionado () gmail com>
Date: Mon, 15 Dec 2014 10:11:43 -0500
Thank you all for your replies.

@Shirkdog: what you said is what I feared but I was hoping for a different answer :) It makes sense to move in the direction snort is going, but for small biz/soho/home networks sometimes a dedicated box for IPS is still too much trouble.

@Ian: can you please give me more technical details, like versions used or where you are getting your sources from? Are you using barnyard2 as the output plug-in or something more elaborate?

@Joel, snort can definitely drop packages and act as IPS, but putting it inline breaks my firewall/router configuration. That's why I'm exploring options with an external agent/daemon directing the firewall to block/drop traffic.

Long term, the writing is on the wall. I will need to rethink my network topology, but I think I can hold off a bit longer ;)

Sent from my mobile
Any weird stuff in the message above is autocorrect's fault
On Dec 15, 2014, at 8:06 AM, Joel Esler (jesler) <jesler () cisco com> wrote:

Afaik, you don't need to add anything to Snort anymore. It's built into barnyard2

--
Joel Esler
Sent from my iPhone

On Dec 15, 2014, at 8:02 AM, Ian <snort_list () fishnet co uk> wrote:

On 12/12/2014 16:28, Shirkdog wrote:

Good ole' SnortSam. It was a great way to create custom actions and update your firewall config once a specific alert triggered. With DAQ and the ability to block in an IPS fashion, I am not sure if anyone is still using it.

---
Michael Shirk

Hi,

We use snortsam extensively here. It's useful to send out blocks to other networks that have not yet seen attacks. We run it as a daemon though, not compiled into snort.

Regards
Ian

--

On Fri, Dec 12, 2014 at 10:53 AM, Sec_Aficionado <secaficionado () gmail com> wrote:

Hello there,

I was looking through Barnyard2's barnyard2.conf file and noticed the section under

# alert fw_sam: allow blocking of IP's through remote services

However, I can't find a Snortsam version for snort later than 2.9.5.3

Does anyone here know if the project changed name or moved somewhere else for newer snort versions?

As usual, thanks in advance!

Sent from my mobile
Any weird stuff in the message above is autocorrect's fault
_______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users Please visit http://blog.snort.org to stay current on all the latest Snort news!
Current thread:
- Barnyard2 and Snortsam for 2.9.7.0 Sec_Aficionado (Dec 12)
- Re: Barnyard2 and Snortsam for 2.9.7.0 Shirkdog (Dec 12)
- Re: Barnyard2 and Snortsam for 2.9.7.0 Ian (Dec 15)
- Re: Barnyard2 and Snortsam for 2.9.7.0 Joel Esler (jesler) (Dec 15)
- Re: Barnyard2 and Snortsam for 2.9.7.0 Sec_Aficionado (Dec 15)
- Re: Barnyard2 and Snortsam for 2.9.7.0 Ian (Dec 15)
- Re: Barnyard2 and Snortsam for 2.9.7.0 Shirkdog (Dec 12)