Snort mailing list archives

Re: react: block not working


From: Matt Kettler <mkettler () evi-inc com>
Date: Fri, 06 Feb 2004 11:42:35 -0500

At 09:25 AM 2/6/2004, Micheal.Cottingham wrote:
am doing this for other things such as MSSQL Propagation Attempt, NMAP Ping, etc. I especially want to block ICMP Large Packet as the TTLs have been modified, and the payload is a bit screwy to say the least. MSSQL Propagation Attempt is another big one on my list. I am in a pure Windows environment and my boss is not favorable of *nix, so hogwash is out of the question I'm afraid. snort-inline is also just *nix if I am not mistaken, is it not? I am using Snort 2.1. Any help would be greatly appreciated.

Whoops, sorry, missed the second half...

Really, since Windows doesn't come with a flexible scriptable firewall, there's little that you can do directly on a Windows box itself.

If you must stick to Windows-only you can buy a copy of CheckPoint FW/1 for your Windows box and use snortsam.

Although for the money I'd recommend not buying FW/1 and getting a separate firewall box and having snortsam command that. For the price of FW/1 you should be able to buy a Cisco PIX or Watchguard firebox. From what I read on the net, Checkpoint can be pretty pricey.


Snortsam can handle a variety of firewalls and can run with snort on a Windows box:
http://www.snortsam.net/


