Snort mailing list archives

Re: Snort acting as a firewall??


From: Alberto Gonzalez <ag-snort () cerebro violating us>
Date: Thu, 07 Nov 2002 01:08:07 -0800

You might want to check out SnortSam[1], which can actively block offending IPs based on alerts. SnortSam supports quite a few firewalls with more to come (pf anytime soon?). You can also check out HogWash[2], which is an inline packet scrubber based on Snort's engine. There is also Snort-inline[3], which is a patch to use HogWash's features with the current Snort.

Snort can also use FlexResp (--enable-flexresp); check out the Resp[4] keyword in the FAQ.

Hope it helps

   - Albert

[1] - http://www.snortsam.net
[2] - http://hogwash.sourceforge.net
[3] - http://www.snort.org/dl/contrib/patches/inline/
[4] - http://www.snort.org/docs/writing_rules/chap2.html#tth_sEc2.3.22

M. Felipe wrote:

hi guys,

I'm a newbie trying to make the best use of Snort. At the moment I have set
up Snort, which only logs alerts and nothing more. I'd like to implement a
way in which Snort acts like a firewall, blocking hackers breaking into the box.

I've read information on Snort & Guardian, looks like a great deal, though
I've also noticed the downside of blocking on the fly.

Is it possible to use Snort as a firewall? Basically blocking anything that
it can see as a potential security breach??

As I said, I'm a newbie, so if this method is common, or even discussed over
and over again, please excuse my ignorance. Any suggestions, readings, or
tutorials will be a great help.

Thanks Again
M. Felipe

PS. I'm using RH7.2 if it's any help. THANKS!!


--
The secret to success is to start from scratch and keep on scratching.



