Snort mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Snort-users Digest, Vol 37, Issue 33

From: Gregory Zill <gregory () r3g net>
Date: Tue, 30 Jun 2009 10:10:10 -0500
As long as you have read-write SSH account you can configure Guardian
on the snort box to issue the shuns to the ASA.

http://www.chaotic.org/guardian/

On Tue, Jun 30, 2009 at 6:34 AM,
<snort-users-request () lists sourceforge net> wrote:

On Jun 30, 2009, at 4:47 AM, Steven King <sking () kingrst com> wrote:


Has anyone configured Snort to trigger a shun command on a Cisco ASA
device in an Inline IPS configuration or with NIDS?


Snort is a nids and an ips by itself without interacting with an Asa
box. We call this "inline" mode.    As for being able to shun from
snort, as far as I know, you can't do that.  There is a patch for
Snort called "snortsam" that enables Snort to interact with other
appliances, however, I don't know if it has "Asa" capability. I know
it used to have pix.  I also don't know how recently it was updated.



If so, could you please point me in the right direction to possibly
implement this? How effective is this setup?


Depends on what you are trying to do. Explain that first.




Thanks!

--
Steve King


-- 
The computer you are using has no brain,
therefore you must use your own.

Gregory W Zill, MBA, CISSP

------------------------------------------------------------------------------
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
Previous By Date Next
Previous By Thread Next

Current thread: