Snort mailing list archives
Re: Cisco PIX firewalls & Cisco Routers
From: "Scot Scot" <scotw () hotmail com>
Date: Sat, 13 Apr 2002 10:23:41 -0500
Snort can be used for that type of function... but I know that CheckPoint supports this... SnortSam is an intelligent agent that allows the popular open-source Intrusion Detection System called Snort to block intruding connections by reconfiguration of Checkpoint Firewall-1/VPN-1 firewalls.
<snip>
On 12 Apr 2002, Austin Gonyou wrote:
> Is it possible to have snort login to the firewall and block IPs, etc,
> in the event of an error? We're thinking of using the Cisco IDS
> management software for that, and a few other reasons. TIA
This is similar to a project that's on my to-do list. I would like snort to reconfigure my Cisco routers when certain types of attacks are detected. Currently I use ISS's RealSecure Network Sensor (not very customizable and pretty spendy $$$$) TCL script support to telnet to, and reconfigure, my filtering Cisco routers. Perhaps we need to throw something together in TCL or VB to perform this function after parsing a snort alert.ids file in real time? If I or anyone on my engineering team gets this capability coded I will let everyone know ASAP.
Below are the links to the RealSecure_RouterCFG_expect.zip (For the Windows people). You don't need RealSecure to use this (FREE) tool, you can write a .bat or .cmd to call the utility.
http://www.iss.net
http://www.iss.net/support/product_utilities/realsecure_tech_center/tech_notes/index.php

Scot
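The alert-parsing step discussed in this thread, as an added example that is not part of the original post or of any tool it mentions: it reads Snort "fast"-format alert lines and produces Cisco extended ACL deny entries for an operator to review. The SID list, never-block networks, ACL number and sample alerts are constructed assumptions.

```python
import ipaddress
import re

# Snort "fast" alert: time [**] [gid:sid:rev] msg [**] ... {PROTO} src[:port] -> dst[:port]
ALERT_RE = re.compile(
    r"\[\*\*\]\s+\[\d+:(?P<sid>\d+):\d+\]\s+(?P<msg>.*?)\s+\[\*\*\]"
    r".*?\{\w+\}\s+(?P<src>\d{1,3}(?:\.\d{1,3}){3})(?::\d+)?\s+->\s+"
)

# Hypothetical policy values, chosen for this example only.
BLOCK_SIDS = {1002, 1256}          # signatures that justify a block
NEVER_BLOCK = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "192.0.2.53/32")]
ACL_NUMBER = 101                   # extended ACL on the filtering router


def parse_alert(line):
    """Return {'sid', 'msg', 'src'} for a fast-format alert line, else None."""
    m = ALERT_RE.search(line)
    if not m:
        return None
    try:
        src = ipaddress.ip_address(m["src"])   # rejects e.g. 999.1.1.1
    except ValueError:
        return None
    return {"sid": int(m["sid"]), "msg": m["msg"], "src": src}


def acl_entries(lines):
    """One deny entry per offending source, skipping protected networks."""
    seen, out = set(), []
    for line in lines:
        alert = parse_alert(line)
        if alert is None or alert["sid"] not in BLOCK_SIDS:
            continue
        src = alert["src"]
        if src in seen or any(src in net for net in NEVER_BLOCK):
            continue
        seen.add(src)
        out.append(f"access-list {ACL_NUMBER} deny ip host {src} any")
    return out


# Constructed sample alerts (documentation address ranges).
SAMPLE = [
    "04/13-10:23:41.120000  [**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] {TCP} 203.0.113.7:3312 -> 10.1.1.20:80",
    "04/13-10:23:42.480000  [**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**] [Priority: 1] {TCP} 203.0.113.7:3313 -> 10.1.1.20:80",
    "04/13-10:24:05.010000  [**] [1:1002:5] WEB-IIS cmd.exe access [**] [Priority: 1] {TCP} 10.1.1.99:4021 -> 10.1.1.20:80",
    "04/13-10:24:09.730000  [**] [1:469:1] ICMP PING NMAP [**] [Priority: 2] {ICMP} 198.51.100.4 -> 10.1.1.20",
    "04/13-10:25:11.000000  [**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**] [Priority: 1] {TCP} 192.0.2.53:53 -> 10.1.1.20:80",
]

if __name__ == "__main__":
    print("\n".join(acl_entries(SAMPLE)))
```

The never-block list matters because an alert's source address can be spoofed, so an unattended blocker can be steered into cutting off internal hosts or upstream services.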