Snort mailing list archives
Re: Snort-users Digest, Vol 37, Issue 33
From: Gregory Zill <gregory () r3g net>
Date: Tue, 30 Jun 2009 10:10:10 -0500
As long as you have read-write SSH account you can configure Guardian on the snort box to issue the shuns to the ASA. http://www.chaotic.org/guardian/ On Tue, Jun 30, 2009 at 6:34 AM, <snort-users-request () lists sourceforge net> wrote:
On Jun 30, 2009, at 4:47 AM, Steven King <sking () kingrst com> wrote:Has anyone configured Snort to trigger a shun command on a Cisco ASA device in an Inline IPS configuration or with NIDS?Snort is a nids and an ips by itself without interacting with an Asa box. We call this "inline" mode. As for being able to shun from snort, as far as I know, you can't do that. There is a patch for Snort called "snortsam" that enables Snort to interact with other appliances, however, I don't know if it has "Asa" capability. I know it used to have pix. I also don't know how recently it was updated.If so, could you please point me in the right direction to possibly implement this? How effective is this setup?Depends on what you are trying to do. Explain that first.Thanks! -- Steve King
-- The computer you are using has no brain, therefore you must use your own. Gregory W Zill, MBA, CISSP ------------------------------------------------------------------------------ _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- Re: Snort-users Digest, Vol 37, Issue 33 Gregory Zill (Jun 30)