Snort mailing list archives
Re: Cisco PIX firwalls..
From: Erek Adams <erek () theadamsfamily net>
Date: Sat, 13 Apr 2002 11:44:27 -0700 (PDT)
On 12 Apr 2002, Austin Gonyou wrote:

> Is it possible to have snort log in to the firewall and block IPs, etc., in the event of an error? We're thinking of using the Cisco IDS management software for that, and a few other reasons. TIA

Ok, this is _NOT_ to start a Holy War.... This is only to warn folks who might be considering this....

<flailing robot arms> DANGER! DANGER! DANGER WILL ROBINSON! [0] </flailing robot arms>

Ok, now that that's out of the way.... :)

This is a good and a _very_ bad idea at the same time. If you are going to trust your IDS to manage your routers for you, well... You better be damned sure that you'll never have any false positives, and that everything can be 'undone' quickly if the need arises.

If you're not careful, some Evil Bastard(tm) might spoof attacks from your upstream ISP's router. Or might spoof something from your own internal setup. Or might.... The list could go on and on. You need to be aware that this potential for abuse _DOES_ exist and you _must_ take it into account when designing a setup like this.

Since everyone is out to get me, and I'm not paranoid, I don't trust my sensors to do any more than _sense_. I trust a human examining the traces and then making the decision. Yes, yes... I know sometimes I'm better off getting a goldfish to make the choice, but I have _some_ tiny faith in humanity. :)

Hope this gives you something to consider!

Cheers!

-----
Erek Adams
Nifty-Type-Guy
TheAdamsFamily.Net

[0] http://www.scifi.com/lostnspace/

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
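The two cautions in the reply above (a spoofed alert must never be able to shun your upstream router or your own networks, and every automatic block must be quick to undo) can be encoded as guard rails in front of whatever actually talks to the firewall. The following is an added illustration, not code from this thread, from Snort, or from Cisco's IDS management software: the `ActiveResponsePolicy` class, its method names and the alert stream are all constructed for the example, the addresses are documentation ranges standing in for a real upstream router and internal networks, and the firewall call itself is left out (a real deployment would issue the shun through the PIX management interface). It bounds the damage a false positive or a spoofed source can do; it does not remove the need for a human to review what the sensor saw.

```python
"""Guard rails for IDS-driven firewall blocking (added illustration).

A never-block list keeps spoofed or mistaken alerts from shunning
infrastructure you cannot afford to lose, a corroboration threshold
keeps a single alert from acting on its own, and a TTL makes every
block expire so it is 'undone' without anyone having to remember it.
"""
from collections import defaultdict, deque
from ipaddress import ip_address, ip_network


class ActiveResponsePolicy:
    def __init__(self, never_block, min_alerts=3, window=60, block_ttl=600):
        # Networks that must never be shunned, whatever the sensor reports.
        self.never_block = [ip_network(n) for n in never_block]
        self.min_alerts = min_alerts      # alerts required before acting
        self.window = window              # seconds over which alerts are counted
        self.block_ttl = block_ttl        # seconds until a block is auto-removed
        self.recent = defaultdict(deque)  # src -> timestamps of recent alerts
        self.blocks = {}                  # src -> expiry time

    def protected(self, src):
        """True if src falls inside any never-block network."""
        addr = ip_address(src)
        return any(addr in net for net in self.never_block)

    def consider(self, src, now):
        """Decide on one alert: 'refused', 'pending', 'blocked' or 'already_blocked'."""
        if self.protected(src):
            return "refused"              # log it for a human; never shun
        if src in self.blocks:
            return "already_blocked"
        hits = self.recent[src]
        hits.append(now)
        while hits and now - hits[0] > self.window:
            hits.popleft()                # forget alerts outside the window
        if len(hits) < self.min_alerts:
            return "pending"
        self.blocks[src] = now + self.block_ttl
        hits.clear()
        return "blocked"

    def expire(self, now):
        """Drop blocks whose TTL has passed; return the addresses released."""
        released = [s for s, t in self.blocks.items() if t <= now]
        for s in released:
            del self.blocks[s]
        return released

    def active_blocks(self):
        return sorted(self.blocks)


def run_demo():
    # Constructed: 203.0.113.1 plays the upstream ISP router, the RFC 1918
    # ranges play the internal networks. None of them may ever be blocked.
    policy = ActiveResponsePolicy(
        never_block=["203.0.113.1/32", "10.0.0.0/8", "192.168.0.0/16"],
        min_alerts=3, window=60, block_ttl=600)
    # Constructed alert stream: (seconds since start, source IP, signature id)
    alerts = [
        (0, "203.0.113.1", 1234),    # alert naming the upstream router (easily spoofed)
        (1, "10.1.2.3", 1234),       # alert naming an internal host
        (2, "198.51.100.7", 1234),
        (5, "198.51.100.7", 1234),
        (9, "198.51.100.7", 1234),   # third hit inside the window -> block
        (12, "198.51.100.7", 1234),
        (30, "192.0.2.9", 1234),     # one alert alone never blocks
    ]
    decisions = [(src, policy.consider(src, t)) for t, src, _ in alerts]
    still_blocked = policy.active_blocks()
    released = policy.expire(now=9 + 600)   # TTL elapsed: block is undone
    return decisions, still_blocked, released


if __name__ == "__main__":
    for item in run_demo():
        print(item)
```

The refusals are the important part: an alert whose source is on the never-block list is still worth logging and looking at, since a spoofed attack "from" your own router is itself a signal, but it must not reach the firewall.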
Current thread:
- Cisco PIX firwalls.. Austin Gonyou (Apr 12)
- Re: Cisco PIX firwalls.. Ashley Thomas (Apr 12)
- Re: Cisco PIX firwalls.. Erek Adams (Apr 13)
- <Possible follow-ups>
- RE: Cisco PIX firwalls.. Kent Hundley (Apr 14)
- RE: Cisco PIX firwalls.. Joe Smith (Apr 15)
- RE: Cisco PIX firwalls.. Erek Adams (Apr 15)
- RE: Cisco PIX firwalls.. Austin Gonyou (Apr 15)
- RE: Cisco PIX firwalls.. Erek Adams (Apr 15)
- Re: Cisco PIX firwalls.. counter . spy (Apr 15)
- Re: Cisco PIX firwalls.. Frank Knobbe (Apr 17)