Snort mailing list archives

Re: Snort and blocking


From: waldo kitty <wkitty42 () windstream net>
Date: Tue, 28 May 2013 19:28:31 -0400

On 5/28/2013 15:01, Josh Bitto wrote:
> I have a couple of questions that I'm sure that you guys can answer for me.
>
> When snort does blocking it only sees the IP address of both the destination and source. So my questions are...
>
> Are there third-party apps that do DNS lookups?
> (I want to be able to keep a log of domains that may have been blocked, but aren't necessarily bad domains, just compromised.)
>
> If snort is on a dedicated Linux box, is there a web interface to be able to interact with snort?
> (Example: Blocking lists, sensor management, suppression management, global configurations)

i'm sure there is or was something out there but, in reality, other than writing 
your own... well...

NOTE: i'm not looking at "conglomerate" tools that package snort with other 
tools like snorby, barnyard2 and similar as what is being asked... but then i 
may be being too narrow visioned based on the question posed...

FWIW: i'm aware of at least two firewall products that have interfaces for snort 
control and management but they are likely lacking for what the professional 
crowd expects... one of those interfaces is written in perl and the other in 
php... i'm sure that other (4th gen? 5th gen?) languages could be employed... 
ruby? java? i think i like the KISS principle of perl, though ;) O:)

-- 
NOTE: No off-list assistance is given without prior approval.
       Please keep mailing list traffic on the list unless
       private contact is specifically requested and granted.
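
For the "keep a log of domains that may have been blocked" part of the question, one way to write your own, as an added example that is not code from this thread or from the Snort project: read alert_fast-style lines, keep only the dropped ones, and attach the reverse-DNS name of the destination. It assumes the inline "[Drop]" tag and the alert_fast field layout shown in the regex; the sample lines, SIDs and the function names are constructed for illustration.

```python
import re
import socket

# Assumed layout of a Snort 2.x alert_fast line; inline drops carry a "[Drop]" tag.
ALERT_RE = re.compile(
    r"^(?P<ts>\S+)\s+(?P<drop>\[Drop\]\s+)?\[\*\*\]\s+\[(?P<sid>\d+:\d+:\d+)\]\s+"
    r"(?P<msg>.*?)\s+\[\*\*\].*?\{(?P<proto>\w+)\}\s+"
    r"(?P<src>\d+\.\d+\.\d+\.\d+)(?::\d+)?\s+->\s+(?P<dst>\d+\.\d+\.\d+\.\d+)(?::\d+)?\s*$"
)

# Constructed sample lines (documentation address ranges), not real alerts.
SAMPLE_LOG = """\
05/28-15:01:02.123456  [Drop] [**] [1:1000001:1] EXAMPLE blocked outbound request [**] [Classification: Misc activity] [Priority: 3] {TCP} 192.0.2.10:49152 -> 198.51.100.7:80
05/28-15:01:05.000001  [**] [1:1000002:1] EXAMPLE alert only [**] [Priority: 3] {TCP} 192.0.2.10:49153 -> 203.0.113.9:443
05/28-15:02:11.654321  [Drop] [**] [1:1000001:1] EXAMPLE blocked outbound request [**] [Priority: 3] {TCP} 192.0.2.11:50000 -> 198.51.100.7:80
05/28-15:03:00.000000  [Drop] [**] [1:1000003:1] EXAMPLE blocked ping [**] [Priority: 3] {ICMP} 192.0.2.12 -> 203.0.113.50
"""

def reverse_lookup(ip):
    """PTR lookup via the system resolver; None when no record exists."""
    try:
        return socket.gethostbyaddr(ip)[0]
    except (socket.herror, socket.gaierror, OSError):
        return None

def blocked_domains(lines, resolver=reverse_lookup):
    """Return one record per dropped packet, with the PTR name of the destination."""
    cache = {}  # resolve each address once, however many drops mention it
    records = []
    for line in lines:
        m = ALERT_RE.match(line)
        if not m or not m.group("drop"):
            continue  # skip unparsable lines and alerts that were not blocked
        dst = m.group("dst")
        if dst not in cache:
            cache[dst] = resolver(dst)
        records.append({"time": m.group("ts"), "sid": m.group("sid"),
                        "src": m.group("src"), "dst": dst,
                        "name": cache[dst] or "(no PTR record)"})
    return records

if __name__ == "__main__":
    for rec in blocked_domains(SAMPLE_LOG.splitlines()):
        print("{time} sid={sid} {src} -> {dst} {name}".format(**rec))
```

A PTR name is whatever the address owner published and is often the hosting provider's name rather than the site a client asked for, so on shared hosting it will not identify the compromised domain by itself.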
