Snort mailing list archives

Re: Active Firewalling


From: Erek Adams <erek () theadamsfamily net>
Date: Sun, 14 Apr 2002 18:44:43 -0700 (PDT)

On Wed, 3 Apr 2002, Patrick Lanphier wrote:

Active firewalling.  I'm new to using Snort so please bear with me.

We all were new at some point in time--Even Marty.  ;-)

I would like to update Snort's files once a day.  What is the easiest way
to do this?

By 'snorts files', I'm assuming you mean the rulesets.  You could use a script
from cron to grab the rulesets from:

  http://www.snort.org/dl/signatures/snortrules.tar.gz

But...  Be warned:  Some types of automation are good.  Some are not.  Make
damned sure you have sanity checking going on those rules before placing them
on a live system.

[Check the archives for a lot of discussion on that very topic...]

Second, I would like to use the information Snort detects to filter IPs.
What are people currently using to do this?

Again here as well...  Check the archives.  There are a lot of reasons to and
not to do this.  Read what others have said on the subject.

Lastly, is Nessus the best freeware security scanner to use to identify
holes on a machine?

*shrugs*  That all depends on you.  :)  Never limit yourself to one tool!

Cheers!

-----
Erek Adams
Nifty-Type-Guy
TheAdamsFamily.Net
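
One way to do the sanity checking the reply above calls for before a cron-fetched ruleset reaches a live sensor. This is an added example, not part of the original post or the Snort project; the function names, LIVE_DIR, SNORT_TEST_CONF and MIN_RULES are assumptions, and only the download URL comes from the message.

```shell
#!/usr/bin/env bash
# Added example (not from the post): fetch, sanity-check, then install Snort rules.
# Function names, LIVE_DIR, SNORT_TEST_CONF and MIN_RULES are assumptions.
RULES_URL="http://www.snort.org/dl/signatures/snortrules.tar.gz"   # from the post
LIVE_DIR="${LIVE_DIR:-/etc/snort/rules}"

# Default validator: Snort self-test (-T) with a test config that is assumed
# to include its rules from the staging directory "$LIVE_DIR.new".
snort_selftest() {
    snort -T -c "${SNORT_TEST_CONF:-/etc/snort/snort-test.conf}" >/dev/null 2>&1
}

# install_rules <tarball> <live_dir> <validator>; validator receives the staging dir.
install_rules() {
    local tarball="$1" live="$2" validator="$3" stage="$2.new" listing count
    listing=$(tar -tzf "$tarball" 2>/dev/null) || { echo "corrupt archive" >&2; return 1; }
    # Refuse absolute paths and ".." components in member names.
    if printf '%s\n' "$listing" | grep -Eq '^/|(^|/)\.\.(/|$)'; then
        echo "unsafe path in archive" >&2; return 1
    fi
    rm -rf "$stage"; mkdir -p "$stage" || return 1
    tar -xzf "$tarball" -C "$stage" || return 1
    # A truncated or empty ruleset would leave the sensor running but blind.
    count=$(find "$stage" -name '*.rules' -exec cat {} + | grep -Ec '^(alert|log|pass) ' || true)
    if [ "$count" -lt "${MIN_RULES:-1}" ]; then
        echo "only $count rules found" >&2; rm -rf "$stage"; return 1
    fi
    if ! "$validator" "$stage"; then
        echo "validation failed; live rules untouched" >&2; rm -rf "$stage"; return 1
    fi
    # Keep the previous set for rollback, then swap the new one in.
    rm -rf "$live.old"
    if [ -d "$live" ]; then mv "$live" "$live.old" || return 1; fi
    mv "$stage" "$live"
}

# Cron entry point. The URL is plain HTTP, so the checks above are the only gate.
update_rules() {
    local tmp rc
    tmp=$(mktemp) || return 1
    curl -fsS --max-time 60 -o "$tmp" "$RULES_URL" &&
        install_rules "$tmp" "$LIVE_DIR" snort_selftest
    rc=$?
    rm -f "$tmp"
    return $rc
}
```

Call `update_rules` from the cron job and restart or reload Snort only when it returns 0; the previous ruleset stays in `$LIVE_DIR.old` for rollback.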

