Snort mailing list archives

RE: (no subject)


From: "Michael Steele" <michaels () silicondefense com>
Date: Fri, 23 Nov 2001 10:05:28 -0800

Don,
 
It looks like a lot of work just for one connection. Tell them that
updates need to be scheduled, open the port, allow them to do their
thing, and close it when they exit. There are several ways to securely do
this, but is it really worth the trouble for one company just to update
your software on an infrequent basis?
-Mike

Commercial Snort Support <<->> 1.866.41.SNORT
  Silicon Defense - www.silicondefense.com
    Home of the new SENTRUS Snort sensor!
  Michael Steele - Snort Support Technician
-----Original Message-----
From: snort-users-admin () lists sourceforge net
[mailto:snort-users-admin () lists sourceforge net] On Behalf Of Don
Dowling
Sent: Thursday, November 22, 2001 9:49 PM
To: snort-users () lists sourceforge net
Subject: [Snort-users] (no subject)
 
Hi
I'm looking at snort as a solution to a problem I've been given.
Basically, we have a PCAnywhere machine on our corporate LAN. We want to
allow an external company to access this machine for software updates.
Obviously this is a security risk so we are looking at solutions that
will eliminate this risk. One is to configure a Linux firewall with
scripts to disable all traffic (except PCAnywhere) using iptables when
PCAnywhere traffic is detected and to enable all other traffic when no
PCAnywhere traffic is detected. I'm looking at snort as the means of
detecting the traffic but my question is can I configure snort to
execute a script that will run iptables to disable all other traffic?
Thanks
Denis
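
One way to wire up what the question describes, as an added example that is not part of either message: a watcher that reads Snort fast-format alert lines and returns the iptables commands to lock down and later reopen the firewall. The host address, idle timeout, chain name and alert lines are assumptions constructed for illustration; it also assumes a local Snort rule that alerts on traffic to the pcAnywhere host.

```python
import re
from datetime import datetime, timedelta

PCA_HOST = "192.168.1.50"                   # assumed address of the pcAnywhere machine
PCA_PORTS = (("tcp", 5631), ("udp", 5632))  # pcAnywhere data and status ports
IDLE = timedelta(minutes=5)                 # assumed quiet period before reopening
CHAIN = "PCA_LOCK"                          # hypothetical chain, jumped to from FORWARD

# Snort "fast" alert line: MM/DD-HH:MM:SS.usec [**] ... {PROTO} src:port -> dst:port
ALERT = re.compile(r"^(\d\d/\d\d-\d\d:\d\d:\d\d)\.\d+\s.*\{(\w+)\}\s+"
                   r"([\d.]+):(\d+)\s+->\s+([\d.]+):(\d+)")

def parse(line, year=2001):
    """Return (timestamp, is_pcanywhere) for an alert line, or None if unparseable."""
    m = ALERT.match(line)
    if not m:
        return None
    ts = datetime.strptime(f"{year}/{m.group(1)}", "%Y/%m/%d-%H:%M:%S")
    proto, dst, dport = m.group(2).lower(), m.group(5), int(m.group(6))
    return ts, dst == PCA_HOST and (proto, dport) in PCA_PORTS

def lock_rules():
    """iptables commands: pass only pcAnywhere to/from the host, drop the rest."""
    cmds = [f"iptables -F {CHAIN}"]
    for proto, port in PCA_PORTS:
        cmds.append(f"iptables -A {CHAIN} -p {proto} -d {PCA_HOST} --dport {port} -j ACCEPT")
        cmds.append(f"iptables -A {CHAIN} -p {proto} -s {PCA_HOST} --sport {port} -j ACCEPT")
    return cmds + [f"iptables -A {CHAIN} -j DROP"]

class Gate:
    """Tracks lock state; returns the commands to run instead of running them."""
    def __init__(self):
        self.last_seen = None
    def on_alert(self, line):
        parsed = parse(line)
        if not parsed or not parsed[1]:
            return []                        # unparseable or not pcAnywhere: no change
        was_locked, self.last_seen = self.last_seen is not None, parsed[0]
        return [] if was_locked else lock_rules()
    def on_tick(self, now):
        if self.last_seen is not None and now - self.last_seen >= IDLE:
            self.last_seen = None
            return [f"iptables -F {CHAIN}"]  # empty chain falls through: traffic resumes
        return []

SAMPLE = [  # constructed alert lines, not real traffic
    "11/22-21:49:03.120000  [**] [1:1000001:1] pcAnywhere session [**] [Priority: 0] {TCP} 203.0.113.7:40112 -> 192.168.1.50:5631",
    "11/22-21:49:09.500000  [**] [1:1000001:1] pcAnywhere session [**] [Priority: 0] {TCP} 203.0.113.7:40112 -> 192.168.1.50:5631",
]
```

Because any packet that fires the alert also triggers the lockdown, the Snort rule should match only the vendor's source addresses, so that unrelated hosts cannot cut off all other traffic.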
