Snort mailing list archives

Re: Blocking attacking IP address for some time using Snort and PIX

From: Frank Knobbe <frank () knobbe us>
Date: Thu, 02 Oct 2003 19:13:00 -0500

On Thu, 2003-10-02 at 18:49, kanwal jeet wrote:

I have Pix firewall and i want IDS to instruct the PIX firewall to
drop all traffic coming from the source IP of the attacker and then
remove the ban after a period of time has expired.
 
Is it possible with snort ?  i know it is possible with Cisco IDS.
Can i accomplish the same with Snort ?



This is possible with the Snortsam plugin. See http://www.snortsam.net
for more information.

Be aware though that there is an issue in the PIX plugin that affects
some people but not others. In my tests it worked fine, but some folks
reported timeout issues. No one has been able to put a finger on it yet.
It may work for you, or not. Please let us know in
discussion () snortsam net, or at least in an email to me.

Regards,
Frank

Attachment: signature.asc
Description: This is a digitally signed message part

Current thread:

Blocking attacking IP address for some time using Snort and PIX kanwal jeet (Oct 02)
- Re: Blocking attacking IP address for some time using Snort and PIX Matt Kettler (Oct 02)
- Re: Blocking attacking IP address for some time using Snort and PIX Frank Knobbe (Oct 04)
  - Re: Blocking attacking IP address for some time using Snort and PIX kanwal jeet (Oct 02)