Snort mailing list archives

Re: Cisco PIX firewalls & Cisco Routers


From: "Scot Scot" <scotw () hotmail com>
Date: Sat, 13 Apr 2002 10:23:41 -0500

Snort can be used for that type of function...
but I know that CheckPoint supports this...

SnortSam is an intelligent agent that allows the popular
open-source Intrusion Detection System called Snort to block
intruding connections by reconfiguration of Checkpoint
Firewall-1/VPN-1 firewalls.
<snip>

On 12 Apr 2002, Austin Gonyou wrote:

> Is it possible to have snort login to the firewall and block IPs, etc,
> in the event of an error? We're thinking of using the Cisco IDS
> management software for that, and a few other reasons. TIA

This is similar to a project that's on my to-do list. I would like snort to reconfigure my Cisco routers when certain types of attacks are detected. Currently I use ISS's RealSecure Network Sensor (not very customizable and pretty spendy $$$$) TCL script support to telnet to, and reconfigure my filtering Cisco routers. Perhaps we need to throw something together in TCL or VB to perform this function after parsing a snort alert.ids file in real time? If myself or anyone on my engineering team gets this capability coded I will let everyone know ASAP.

Below are the links to the RealSecure_RouterCFG_expect.zip (for the Windows people). You don't need RealSecure to use this (FREE) tool; you can write a .bat or .cmd to call the utility.

http://www.iss.net

http://www.iss.net/support/product_utilities/realsecure_tech_center/tech_notes/index.php

Scot
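
The alert-parsing step discussed in this message, as an added example that is not part of the original post and is not SnortSam or the ISS utility: it reads Snort fast-format alert lines and emits Cisco IOS `access-list` deny entries for an operator to review, skipping sources on a never-block list so that alerts with spoofed source addresses cannot make the router cut off its own gateway or DNS. The sample alerts, ACL number 150, priority threshold and never-block networks are constructed assumptions.

```python
import ipaddress
import re

# Snort "fast" alert line: [gid:sid:rev] message, priority, protocol, src -> dst
ALERT_RE = re.compile(
    r"\[\*\*\]\s+\[\d+:(?P<sid>\d+):\d+\]\s+(?P<msg>.*?)\s+\[\*\*\]"
    r".*?\[Priority:\s*(?P<prio>\d+)\]\s+\{\w+\}\s+"
    r"(?P<src>\d+\.\d+\.\d+\.\d+)(?::\d+)?\s+->\s+\d+\.\d+\.\d+\.\d+")

# Assumed local policy (not from the original post)
NEVER_BLOCK = [ipaddress.ip_network(n) for n in ("192.0.2.0/24", "198.51.100.53/32")]
MAX_PRIORITY = 1   # act only on Snort priority 1 (most severe)
ACL_NUMBER = 150   # hypothetical extended ACL on the filtering router
MAX_BLOCKS = 100   # cap so an alert flood cannot grow the ACL without bound

def parse_alert(line):
    """Return sid, message, priority and source address, or None if unparseable."""
    m = ALERT_RE.search(line)
    if not m:
        return None
    try:
        src = ipaddress.ip_address(m["src"])
    except ValueError:  # e.g. an octet above 255
        return None
    return {"sid": int(m["sid"]), "msg": m["msg"], "priority": int(m["prio"]), "src": src}

def acl_lines(alert_lines):
    """Build one deny entry per offending source, for an operator to review."""
    blocked, out = set(), []
    for line in alert_lines:
        alert = parse_alert(line)
        if alert is None or alert["priority"] > MAX_PRIORITY:
            continue
        src = alert["src"]
        # Source addresses can be spoofed: never deny our own or critical hosts.
        if src in blocked or any(src in net for net in NEVER_BLOCK):
            continue
        if len(blocked) >= MAX_BLOCKS:
            break
        blocked.add(src)
        out.append(f"access-list {ACL_NUMBER} deny ip host {src} any")
    return out

# Constructed sample alerts (documentation addresses, local-range SIDs)
SAMPLE = [
    "04/13-10:23:41.100000  [**] [1:1000001:1] EXAMPLE web attack [**] [Classification: Web Application Attack] [Priority: 1] {TCP} 203.0.113.45:1042 -> 192.0.2.10:80",
    "04/13-10:23:42.200000  [**] [1:1000002:1] EXAMPLE ping sweep [**] [Classification: Attempted Information Leak] [Priority: 2] {ICMP} 203.0.113.77 -> 192.0.2.10",
    "04/13-10:23:43.300000  [**] [1:1000001:1] EXAMPLE web attack [**] [Classification: Web Application Attack] [Priority: 1] {TCP} 192.0.2.1:3345 -> 192.0.2.10:80",
    "04/13-10:23:44.400000  [**] [1:1000001:1] EXAMPLE web attack [**] [Classification: Web Application Attack] [Priority: 1] {TCP} 203.0.113.45:1050 -> 192.0.2.10:80",
]
```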



