Snort mailing list archives
Re: Blocking attacking IP address for some time using Snort and PIX
From: kanwal jeet <jeet_kanwal () yahoo com>
Date: Thu, 2 Oct 2003 17:34:33 -0700 (PDT)
Hi Frank, It sounds perfect to me. Thanks for your help. I will try it out this weekend. Best Regards Kanwal Frank Knobbe <frank () knobbe us> wrote: On Thu, 2003-10-02 at 18:49, kanwal jeet wrote:
I have Pix firewall and i want IDS to instruct the PIX firewall to drop all traffic coming from the source IP of the attacker and then remove the ban after a period of time has expired. Is it possible with snort ? i know it is possible with Cisco IDS. Can i accomplish the same with Snort ?
This is possible with the Snortsam plugin. See http://www.snortsam.net for more information. Be aware though that there is an issue in the PIX plugin that affects some people but not others. In my tests it worked fine, but some folks reported timeout issues. No one has been able to put a finger on it yet. It may work for you, or not. Please let us know in discussion () snortsam net, or at least in an email to me. Regards, Frank
ATTACHMENT part 2 application/pgp-signature name=signature.asc
--------------------------------- Do you Yahoo!? The New Yahoo! Shopping - with improved product search
Current thread:
- Blocking attacking IP address for some time using Snort and PIX kanwal jeet (Oct 02)
- Re: Blocking attacking IP address for some time using Snort and PIX Matt Kettler (Oct 02)
- Re: Blocking attacking IP address for some time using Snort and PIX Frank Knobbe (Oct 04)
- Re: Blocking attacking IP address for some time using Snort and PIX kanwal jeet (Oct 02)