Re: firewall rules modification based on snort logs

[Matt Kettler <mkettler () evi-inc com>]

At 10:38 PM 6/10/2003 -0500, Frank Knobbe wrote:
> On Tue, 2003-06-10 at 12:55, Matt Kettler wrote:
>
> > However if you need to split snortsam across a insecure network, make sure
> > to use a SSH tunnel or similar mechanism.
>
> That still hasn't been fixed yet. However, for usage within your own
> network, this is acceptable imo. If you route through the Internet, use
> an SSH tunnel.

Agreed, which is why I specifically stated that was needed for an 
"insecure" network. Of course, "secure" is a relative term, and in some 
cases "your" network may be something like a college campus public network, 
in which case you may want some heavier protections.

> >  Needless to say that doesn't work very well, but AFAIK the
> > feature has been removed. It is however still mentioned in the FAQ in all
> > it's incorrect glory.
>
> Yeah, rub it in.... if you happen to get really annoyed with this, feel
> free to fix the FAQ and send me a copy.

I'm not really trying to rub it in as much as make sure that people who I 
recommend the tool to are aware of the limitations until the docs, etc, are 
updated.

If I've got spare time someday (yeah, right) I may sit down and update the 
FAQ and/or write up a patch for twofish.c, but given my limited free time, 
that's unlikely to be anytime soon.



-------------------------------------------------------
This SF.NET email is sponsored by: eBay
Great deals on office technology -- on eBay now! Click here:
http://adfarm.mediaplex.com/ad/ck/711-11697-6916-5
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users