Snort mailing list archives
Re: SHUN
From: Alberto Gonzalez <albertg () cerebro violating us>
Date: Tue, 26 Nov 2002 13:36:35 -0800
If snort alerts on a packet, you *should* assume it is *bad* until proven otherwise. To me if it alerts, the packet is bad, so snort can decide (take in mind false positives.). To add entries into your firewall you want to look into snortsam[1] patch for snort. It currently supports a number of firewalls. You can also configure snort to react on a packet via flexresp. You should also take a look at Hogwash[2] it doesn't add entries into your fw, but it can drop
malicious traffic. Cheers! - Alberto [1] - http://www.snortsam.net [2] - http://hogwash.sourceforge.net Mike Koponick wrote:
Hello, Does SNORT support adding commands to firewalls? As an example, if I received a BAD packet, I would like to add a filter based on that information to my firewall. I understand that SNORT cannot decide which packets are bad, but I would think we would be able to trace an issue once the command has been executed. Any ideas? Thanks in advance, Mike
-- The secret to success is to start from scratch and keep on scratching. -------------------------------------------------------This SF.net email is sponsored by: Get the new Palm Tungsten T handheld. Power & Color in a compact size! http://ads.sourceforge.net/cgi-bin/redirect.pl?palm0002en
_______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users