Re: Blocking attacking IP address for some time using Snort and PIX

[kanwal jeet <jeet_kanwal () yahoo com>]

Hi Frank,
 
It sounds perfect to me. Thanks for your help. I will try it out this weekend.
 
Best Regards
Kanwal

Frank Knobbe <frank () knobbe us> wrote:
On Thu, 2003-10-02 at 18:49, kanwal jeet wrote:
> I have Pix firewall and i want IDS to instruct the PIX firewall to
> drop all traffic coming from the source IP of the attacker and then
> remove the ban after a period of time has expired.
>
> Is it possible with snort ? i know it is possible with Cisco IDS.
> Can i accomplish the same with Snort ?


This is possible with the Snortsam plugin. See http://www.snortsam.net
for more information.

Be aware though that there is an issue in the PIX plugin that affects
some people but not others. In my tests it worked fine, but some folks
reported timeout issues. No one has been able to put a finger on it yet.
It may work for you, or not. Please let us know in
discussion () snortsam net, or at least in an email to me.

Regards,
Frank



> ATTACHMENT part 2 application/pgp-signature name=signature.asc


---------------------------------
Do you Yahoo!?
The New Yahoo! Shopping - with improved product search