Snort mailing list archives

Re: SHUN


From: Frank Knobbe <fknobbe () knobbeits com>
Date: 26 Nov 2002 12:54:42 -0600

On Tue, 2002-11-26 at 11:48, Mike Koponick wrote:
> Does SNORT support adding commands to firewalls? As an example, if I
> received a BAD packet, I would like to add a filter based on that
> information to my firewall. I understand that SNORT cannot decide which
> packets are bad, but I would think we would be able to trace an issue once
> the command has been executed.

Mike,

Snort can do that through the use of SnortSam. SnortSam can shun on
Cisco routers and various firewalls. See http://www.snortsam.net for
more info.

Regarding Snort deciding what is bad, well, Snort is an IDS and it is
the job of an IDS to flag certain packets/connections as 'bad' in the
sense that they match a signature or a rule.

Regards,
Frank
