Security Basics mailing list archives

RE: Can snort cut off connections ?


From: "Jordan, Jason D. \"Dallas\"" <Jason.Jordan () honeywell-tsi com>
Date: Tue, 13 Jul 2004 12:35:16 -0400

I know there was a project called Hogwash that used the snort engine and could adjust its rule set to block the IP addresses that set the alarm off. I think it used maybe iptables as the firewall on it and snort would just add a block rule for the offending IP. The only thing was it had to be inline with whatever machine you were protecting.


Dallas Jordan  MCSE, CCNA, Security+
Electronics Technician II
Honeywell Technology Solutions
1010 Bankton Drive
Hanahan, SC 29406
843-744-1221  Ext 11

 -----Original Message-----
From:   Juan B [mailto:juanbabi () yahoo com] 
Sent:   Tuesday, July 13, 2004 2:46 AM
To:     security-basics () securityfocus com
Subject:        Can snort cut off connections ?

Hi,

I heard that it is possible to change snort to be
active and start dropping connections based on
predefined roles. Is it true?

thanks


                