Snort mailing list archives
Re: snortsam agent doesn't block ip in external firewall
From: "Al Lewis (allewi)" <allewi () cisco com>
Date: Tue, 28 Apr 2015 11:31:56 +0000
Is there a specific reason why you are using Snortsam? Seems like it is giving you a bunch of problems for something that snort does pretty easily standalone. Albert Lewis QA Software Engineer SOURCEfire, Inc. now part of Cisco 9780 Patuxent Woods Drive Columbia, MD 21046 Phone: (office) 443.430.7112 Email: allewi () cisco com -----Original Message----- From: stephane.nasdrovisky () paradigmo com [mailto:stephane.nasdrovisky () paradigmo com] Sent: Tuesday, April 28, 2015 3:13 AM To: Daniel Lopez; Snort-sigs () lists sourceforge net Subject: Re: [Snort-sigs] snortsam agent doesn't block ip in external firewall port 18183 looks like a checkpoint (firewall-1 producer) port. I don’t know snortsam, but snortsam and checkpoint tells me something. http://platforms.infostruction.com/common-checkpoint-firewall-ports/ tells: 18183 /tcp FW1_sam Check Point OPSEC Suspicious Activity Monitor API snortsam.conf hints: remove any opsec line add a iptables line have a look at http://doc.emergingthreats.net/bin/view/Main/SnortSamREADMEconf isn’t a snortsam agent needed on your firewall? isn’t snortsam outdated?? Subject: [Snort-sigs] snortsam agent doesn't block ip in external firewall [SAM] Could not connect to (PC3addr):18183! ------------------------------------------------------------------------------ One dashboard for servers and applications across Physical-Virtual-Cloud Widest out-of-the-box monitoring support with 50+ applications Performance metrics, stats and reports that give you Actionable Insights Deep dive visibility with transaction tracing using APM Insight. http://ad.doubleclick.net/ddm/clk/290420510;117567292;y _______________________________________________ Snort-sigs mailing list Snort-sigs () lists sourceforge net https://lists.sourceforge.net/lists/listinfo/snort-sigs http://www.snort.org Please visit http://blog.snort.org for the latest news about Snort! ------------------------------------------------------------------------------ One dashboard for servers and applications across Physical-Virtual-Cloud Widest out-of-the-box monitoring support with 50+ applications Performance metrics, stats and reports that give you Actionable Insights Deep dive visibility with transaction tracing using APM Insight. http://ad.doubleclick.net/ddm/clk/290420510;117567292;y _______________________________________________ Snort-sigs mailing list Snort-sigs () lists sourceforge net https://lists.sourceforge.net/lists/listinfo/snort-sigs http://www.snort.org Please visit http://blog.snort.org for the latest news about Snort!
Current thread:
- snortsam agent doesn't block ip in external firewall Daniel Lopez (Apr 27)
- Re: snortsam agent doesn't block ip in external firewall stephane.nasdrovisky (Apr 28)
- Re: snortsam agent doesn't block ip in external firewall Al Lewis (allewi) (Apr 28)
- Re: snortsam agent doesn't block ip in external firewall stephane.nasdrovisky (Apr 28)