Snort mailing list archives
Re: Active Firewalling
From: Erek Adams <erek () theadamsfamily net>
Date: Sun, 14 Apr 2002 18:44:43 -0700 (PDT)
On Wed, 3 Apr 2002, Patrick Lanphier wrote:
Active firewalling. I'm new to using Snort so please bare with me.
We all were new at some point in time--Even Marty. ;-)
I would like to update snorts files once a day. What's is the easiest way to do this?
By 'snorts files', I'm assuming you mean the rulesets. You could use a script from cron to grab the rulesets from: http://www.snort.org/dl/signatures/snortrules.tar.gz But... Be warned: Some types of automation are good. Some are not. Make damned sure you have sanity checking going on those rules before placing them on a live system. [Check the archives for a lot of discussion on that very topic...]
Second I would like to use the information sort detects to filter ips. What are people currently using to do this?
Again here as well... Check the archives. There are a lot of reasons to and not to do this. Read what others have said on the subject.
Lastly is Nessus the best freeware security scanner to use to identify wholes on a machine?
*shrugs* That all depends on you. :) Never limit yourself to one tool! Cheers! ----- Erek Adams Nifty-Type-Guy TheAdamsFamily.Net _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- Active Firewalling Patrick Lanphier (Apr 14)
- Re: Active Firewalling Erek Adams (Apr 14)