Snort mailing list archives

Re: (no subject)


From: Chris Green <cmg () uab edu>
Date: Fri, 23 Nov 2001 06:15:13 -0600

"Don Dowling" <dowling_denis () hotmail com> writes:

> Hi
>
> I'm looking at snort as a solution to a problem I've been given.
> Basically, we have a PCAnywhere machine on our corporate LAN. We want to
> allow an external company to access this machine for software updates.
> Obviously this is a security risk so we are looking at solutions that
> will eliminate this risk. One is to configure a linux firewall with
> scripts to disable all traffic (except PCAnywhere) using iptables when
> PCAnywhere traffic is detected and to enable all other traffic when no
> PCAnywhere traffic is detected.

Why do you allow everything on machines without PCAnywhere?

> I'm looking at snort as the means of detecting the traffic but my
> question is can I configure snort to execute a script that will run
> iptables to disable all other traffic?

You should write a swatch script (http://oit.ucsb.edu/~eta/swatch/) to
perform the reconfiguration for the "detected traffic case".

I think the correct solution though would be to have your admins VPN
to a local machine and then use PC Anywhere to admin.
-- 
Chris Green <cmg () uab edu>
Laugh and the world laughs with you, snore and you sleep alone.
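
The "detected traffic case" discussed in this thread, as an added example that is not part of the original post or of Snort or swatch: a script a log watcher could call with the matching alert line, which validates the source address taken from the log before building the iptables rules. The PCAnywhere ports (TCP 5631, UDP 5632), the addresses, the sample alert line and the function names are assumptions, and the rules are printed rather than applied.

```shell
#!/bin/sh
# Added example, not from the original thread. Dry run: rules are printed, not applied.
# Assumptions: PCAnywhere defaults TCP 5631 / UDP 5632; 192.0.2.10 is a constructed address.
PCA_HOST="192.0.2.10"

# Constructed Snort fast-alert line, as a log watcher would hand it to this script.
SAMPLE_ALERT='11/23-06:15:13.000000  [**] [1:1000001:1] PCAnywhere session (constructed) [**] [Priority: 0] {TCP} 203.0.113.7:1042 -> 192.0.2.10:5631'

# Print the alert's source address, or fail if it is not dotted-quad shaped.
# The log line is attacker-influenced, so nothing from it reaches iptables unchecked.
alert_src_ip() {
    ip=$(printf '%s\n' "$1" | sed -n 's/.*} \([0-9.]*\):[0-9]* -> .*/\1/p')
    printf '%s\n' "$ip" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$' || return 1
    printf '%s\n' "$ip"
}

# Print the FORWARD rules for the "detected traffic" case:
# default drop, with only the PCAnywhere session to PCA_HOST allowed through.
lockdown_rules() {
    src=$(alert_src_ip "$1") || { echo "alert rejected: bad source address" >&2; return 1; }
    cat <<EOF
iptables -P FORWARD DROP
iptables -F FORWARD
iptables -A FORWARD -p tcp -s $src -d $PCA_HOST --dport 5631 -j ACCEPT
iptables -A FORWARD -p tcp -s $PCA_HOST --sport 5631 -d $src -j ACCEPT
iptables -A FORWARD -p udp -s $src -d $PCA_HOST --dport 5632 -j ACCEPT
iptables -A FORWARD -p udp -s $PCA_HOST --sport 5632 -d $src -j ACCEPT
EOF
}

# With an alert line as the first argument, print the rule set for it.
if [ "$#" -gt 0 ]; then
    lockdown_rules "$1"
fi
```

The shape check does not reject octets above 255; iptables itself refuses those when the rules are applied.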
