RE: SHUN

["Mike Koponick" <mike () redhawk info>]

Frank,

Thanks for the info.

Mike

-----Original Message-----
From: Frank Knobbe [mailto:fknobbe () knobbeits com]
Sent: Tuesday, November 26, 2002 10:55 AM
To: Mike Koponick
Cc: snort-users () lists sourceforge net
Subject: Re: [Snort-users] SHUN


On Tue, 2002-11-26 at 11:48, Mike Koponick wrote:
> Does SNORT support adding commands to firewalls? As an example, if I
> received a BAD packet, I would like to add a filter based on that
> information to my firewall. I understand that SNORT cannot decide which
> packets are bad, but I would think we would be able to trace an issue once
> the command has been executed.

Mike,

Snort can do that through the use of SnortSam. SnortSam can shun on
Cisco routers and various firewalls. See http://www.snortsam.net for
more info.

Regarding Snort deciding what is bad, well, Snort is an IDS and it is
the job of an IDS to flag certain packets/connections as 'bad' in that
sense that they match a signature or a rule.

Regards,
Frank




-------------------------------------------------------
This SF.net email is sponsored by: Get the new Palm Tungsten T 
handheld. Power & Color in a compact size! 
http://ads.sourceforge.net/cgi-bin/redirect.pl?palm0002en
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users