RE: how do you use the snort data?

["Gary Hill" <ghill () domicilium com>]

Its not very often I want my IDS system to respond to an attack itself , as the attack could have been sent to try and 
modify your firewall policy etc.
 
However, I have in the past generated scripts from logwatch that uses SSH to my cisco firewall and Nokia firewall and 
run a script that shun's the attack.
 
The PIX is quite simple, the Nokia was a little bit more difficult as at the time you couldnt inject a rule into the CP 
policy from a command line, but you could alter the packet filter of the Nokia IPSO.
 
I'd imagaine you can do the same with most boarder firewalls and routers
 
 

        -----Original Message----- 
        From: ljacobs [mailto:lj () mandala-designs com] 
        Sent: Thu 06/02/2003 03:18 
        To: snort-users () lists sourceforge net 
        Cc: 
        Subject: [Snort-users] how do you use the snort data?
        
        

        What are the types of net-tightening routines and technologies you use in response to the data collected by 
snort?
        
        Thanks.
        
        
        
        
        ________________________________________________________________
        Sent via the WebMail system at mandala-designs.com
        
        
        
                          
        
        
        -------------------------------------------------------
        This SF.NET email is sponsored by:
        SourceForge Enterprise Edition + IBM + LinuxWorld = Something 2 See!
        http://www.vasoftware.com
        _______________________________________________
        Snort-users mailing list
        Snort-users () lists sourceforge net
        Go to this URL to change user options or unsubscribe:
        https://lists.sourceforge.net/lists/listinfo/snort-users
        Snort-users list archive:
        http://www.geocrawler.com/redir-sf.php3?list=snort-users