Snort mailing list archives

Re: iptables + Snort


From: Erek Adams <erek () snort org>
Date: Mon, 24 Mar 2003 13:37:36 -0500 (EST)

On Mon, 24 Mar 2003, Prasanna Sridhar wrote:

[...snip...]

I want to implement IPtables and Snort on 2 different machines with
following config:

Ok.


LAN------------------------| iptables |----------------------- INTERNET
             |                  --------------
             |                       ^
         -------------               |   update rule
        | Snort   |   -------------
         ------------

This can work.  Your ASCII art isn't perfect, but I get the gist.  1st
answer:  http://www.snortsam.net/

Snort keeps listening to the traffic from the
Firewall(iptables) . If there is anything wrong (if iptables fails for
some packet) ..snort ALERTS the iptables. When I mean ALERT, Snort
should automatically update the firewall rules. I don't want to log the
alerts..as it would slow down this process. I would appreciate if anyone
could give me some ideas.

Keep in mind this is a _BAD_ idea if not done correctly.  Frank Knobbe,
the author of SnortSam, has done an excellent job with SnortSam to handle
some of the bad things--But nothing is perfect.  :-/ Do you really want to
be paged out from a vacation because your boss can't get to his favorite
<insert whatever type here> website?  :)  If you implement this, be very
careful and _very_ aware of what you are doing.

Sorry if this problem has been discussed already.

Oh, only about a bajillion times....
</Dr. Evil voice>

For some helpful advice, check this post [0] before posting.  :)

Cheers!

-----
Erek Adams

   "When things get weird, the weird turn pro."   H.S. Thompson


[0]     http://marc.theaimsgroup.com/?l=snort-users&m=104230179003344&w=2
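
An added example, not part of the original post and not SnortSam's code: a sketch of the guardrails that keep an alert-driven iptables update from locking out legitimate traffic, the failure mode the reply warns about. The never-block networks, the 600-second lifetime, the `SNORT_BLOCK` chain name and the sample alert lines are all assumptions constructed for illustration.

```python
import ipaddress
import re

# Assumed policy values, not from the original post.
NEVER_BLOCK = [ipaddress.ip_network(n) for n in ("192.168.1.0/24", "198.51.100.53/32")]
BLOCK_SECONDS = 600      # every block expires on its own
CHAIN = "SNORT_BLOCK"    # hypothetical chain holding only automatic rules

ALERT_RE = re.compile(r"\[Priority: (\d+)\] \{\w+\} (\d+\.\d+\.\d+\.\d+)(?::\d+)? -> ")

# Constructed sample lines in Snort's fast-alert layout.
SAMPLE_ALERTS = [
    "03/24-13:37:36.000000  [**] [1:1000001:1] Constructed test rule [**] "
    "[Priority: 1] {TCP} 203.0.113.7:4444 -> 192.168.1.10:80",
    "03/24-13:37:37.000000  [**] [1:1000001:1] Constructed test rule [**] "
    "[Priority: 1] {UDP} 198.51.100.53:53 -> 192.168.1.10:1025",
    "03/24-13:37:38.000000  [**] [1:1000002:1] Constructed low-priority rule [**] "
    "[Priority: 3] {TCP} 203.0.113.9:5555 -> 192.168.1.10:80",
]

def decide(alert_line, now, active):
    """Return the iptables argv for this alert, or None when no block is warranted.
    `active` maps blocked address -> expiry time and is updated in place."""
    m = ALERT_RE.search(alert_line)
    if not m:
        return None
    try:
        priority, src = int(m.group(1)), ipaddress.ip_address(m.group(2))
    except ValueError:          # e.g. an octet above 255
        return None
    if priority != 1:           # act only on the highest-priority alerts
        return None
    if any(src in net for net in NEVER_BLOCK):
        return None             # must stay reachable whatever an alert says
    if active.get(src, 0) > now:
        return None             # already blocked, no duplicate rule
    active[src] = now + BLOCK_SECONDS
    return ["iptables", "-I", CHAIN, "-s", str(src), "-j", "DROP"]

def expire(now, active):
    """Return the iptables argv lists that remove blocks whose lifetime has passed."""
    expired = [src for src, until in active.items() if until <= now]
    for src in expired:
        del active[src]
    return [["iptables", "-D", CHAIN, "-s", str(src), "-j", "DROP"] for src in expired]
```

The functions only return argument lists; running them against the firewall, and keeping the automatic rules in their own chain so they can be flushed in one step, is left to the caller.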


