Snort mailing list archives
Re: iptables + Snort
From: Erek Adams <erek () snort org>
Date: Mon, 24 Mar 2003 13:37:36 -0500 (EST)
On Mon, 24 Mar 2003, Prasanna Sridhar wrote: [...snip...]
I want to implement IPtables and Snort on 2 different machines with the following config:
Ok.
LAN------------------------| iptables |----------------------- INTERNET | -------------- | ^ ------------- | update rule | Snort | ------------- ------------
This can work. Your ASCII art isn't perfect, but I get the gist. 1st answer: http://www.snortsam.net/
Snort keeps listening to the traffic from the Firewall (iptables). If there is anything wrong (if iptables fails for some packet), Snort ALERTS the iptables. When I mean ALERT, Snort should automatically update the firewall rules. I don't want to log the alerts, as it would slow down this process. I would appreciate if anyone could give me some ideas.
Keep in mind this is a _BAD_ idea if not done correctly. Frank Knobbe, the author of SnortSam, has done an excellent job with SnortSam to handle some of the bad things--But nothing is perfect. :-/ Do you really want to be paged out from a vacation because your boss can't get to his favorite <insert whatever type here> website? :) If you implement this, be very careful and _very_ aware of what you are doing.
Sorry if this problem has been discussed already.
Oh, only about a bajillion times.... </Dr. Evil voice> For some helpful advice, check this post [0] before posting. :) Cheers! ----- Erek Adams "When things get weird, the weird turn pro." H.S. Thompson [0] http://marc.theaimsgroup.com/?l=snort-users&m=104230179003344&w=2
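One way to apply the caution in the reply above, as an added example (not part of the original post and not SnortSam's code): it reads Snort fast-format alert lines and decides which sources may be blocked, using a never-block list, a priority threshold, expiring blocks and a cap on active blocks, so a false positive cannot cut off hosts the LAN depends on. The policy values, the sample alerts and the FORWARD-chain rule are assumptions constructed for illustration.

```python
import ipaddress
import re

# Snort "fast" alert line: ... [Priority: N] {PROTO} src[:port] -> dst[:port]
ALERT_RE = re.compile(
    r"\[Priority: (?P<prio>\d+)\] \{(?P<proto>\w+)\} "
    r"(?P<src>\d+\.\d+\.\d+\.\d+)(?::\d+)? -> (?P<dst>\d+\.\d+\.\d+\.\d+)")

# Assumed site policy (hypothetical values, not from the post)
NEVER_BLOCK = [ipaddress.ip_network(n) for n in
               ("192.168.1.0/24", "198.51.100.53/32")]  # LAN, upstream DNS
MAX_PRIORITY = 1     # act only on the most severe alerts
BLOCK_SECONDS = 600  # every block expires on its own
MAX_ACTIVE = 2       # cap on simultaneous blocks

# Constructed sample alerts (documentation address ranges)
SAMPLE = [
    "03/24-13:37:36.000001  [**] [1:1000001:1] constructed A [**] [Priority: 1] {TCP} 203.0.113.7:4444 -> 192.168.1.10:80",
    "03/24-13:37:36.000002  [**] [1:1000002:1] constructed B [**] [Priority: 1] {UDP} 198.51.100.53:53 -> 192.168.1.10:1025",
    "03/24-13:37:36.000003  [**] [1:1000003:1] constructed C [**] [Priority: 3] {TCP} 203.0.113.9:1234 -> 192.168.1.10:22",
    "03/24-13:37:36.000004  [**] [1:1000004:1] constructed D [**] [Priority: 1] {ICMP} 203.0.113.8 -> 192.168.1.10",
    "03/24-13:37:36.000005  [**] [1:1000005:1] constructed E [**] [Priority: 1] {TCP} 203.0.113.10:80 -> 192.168.1.10:3000",
]


def decide(lines, now=0):
    """Return (blocks, skipped); blocks maps source IP -> expiry time."""
    blocks, skipped = {}, []
    for line in lines:
        m = ALERT_RE.search(line)
        if not m:
            skipped.append((None, "unparsed"))
            continue
        src = m["src"]
        if int(m["prio"]) > MAX_PRIORITY:
            skipped.append((src, "low priority"))
        elif any(ipaddress.ip_address(src) in net for net in NEVER_BLOCK):
            skipped.append((src, "allowlisted"))
        elif src in blocks or len(blocks) < MAX_ACTIVE:
            blocks[src] = now + BLOCK_SECONDS  # new block, or refresh expiry
        else:
            skipped.append((src, "block cap reached"))
    return blocks, skipped


def to_rules(blocks):
    """Render iptables commands for review; nothing is executed here."""
    return [f"iptables -I FORWARD -s {ip} -j DROP" for ip in sorted(blocks)]
```

The `skipped` list is worth keeping even when alert logging is disabled, since it is the only record of why a source was or was not blocked.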