[TOOL] SnortSam, Making Snort and Firewall-1 Work Together
From: support@securiteam.com
Date: 09/26/01
From: support@securiteam.com
To: list@securiteam.com
Subject: [TOOL] SnortSam, Making Snort and Firewall-1 Work Together
Message-Id: <20010926191105.4D43C138C1@mail.der-keiler.de>
Date: Wed, 26 Sep 2001 21:11:05 +0200 (CEST)
The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com
SnortSam, Making Snort and Firewall-1 Work Together
------------------------------------------------------------------------
DETAILS
<http://www.snortsam.net> SnortSam is a plugin for Snort, the open-source
lightweight Intrusion Detection System (IDS). The plugin allows for
automated blocking of IP addresses on a Checkpoint Firewall-1 firewall.
SnortSam itself consists of two pieces - the output plugin within Snort
and an intelligent agent that runs on the firewall. The agent provides a
variety of capabilities that go beyond other automated blocking
mechanisms. Here are a few highlights:
* White-list support of IP addresses that will never be blocked.
* Time-override list.
* Flexible blocking specification including rule dependent blocking time
interval.
* Misuse/Attack detection engine that works in conjunction with...
* ...rollback support. SnortSam keeps track of blocks and can unblock the
last x blocks.
* Repetitive (same IP) block prevention within 10 sec window to improve
performance.
* TwoFish encrypted communication between Snort and the SnortSam agent.
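
The agent-side behaviour listed above (white-list, rule-dependent block time, the 10-second same-IP window, rollback of the last x blocks) can be modelled as below. This is an added illustration, not SnortSam's code: the class and method names are hypothetical, the sample requests are constructed, and the clock is passed in explicitly so the run is repeatable.

```python
import ipaddress

REPEAT_WINDOW = 10  # seconds; the "10 sec window" for same-IP repeats

class BlockAgent:
    """Toy model of the agent-side decisions (hypothetical names)."""

    def __init__(self, whitelist):
        # White-list entries are single hosts or networks that are never blocked.
        self.whitelist = [ipaddress.ip_network(w) for w in whitelist]
        self.active = {}     # ip -> expiry time of the current block
        self.last_seen = {}  # ip -> time of the last accepted block request
        self.history = []    # accepted blocks in order, used for rollback

    def request_block(self, ip, duration, now):
        """Return 'whitelisted', 'duplicate' or 'blocked' for one request."""
        addr = ipaddress.ip_address(ip)
        if any(addr in net for net in self.whitelist):
            return "whitelisted"
        last = self.last_seen.get(ip)
        if last is not None and now - last < REPEAT_WINDOW:
            return "duplicate"  # no second firewall call for the same IP
        self.last_seen[ip] = now
        self.active[ip] = now + duration  # duration is set per Snort rule
        self.history.append(ip)
        return "blocked"

    def expire(self, now):
        """Drop blocks whose rule-specific interval has elapsed."""
        for ip in [ip for ip, end in self.active.items() if end <= now]:
            del self.active[ip]

    def rollback(self, count):
        """Unblock the most recent `count` active blocks; return their IPs."""
        undone = []
        while self.history and len(undone) < count:
            ip = self.history.pop()
            if self.active.pop(ip, None) is not None:
                undone.append(ip)
        return undone

def demo():
    # Constructed requests: (time in s, source IP, block seconds from the rule).
    agent = BlockAgent(whitelist=["192.0.2.53", "198.51.100.0/24"])
    requests = [(0, "203.0.113.7", 300), (4, "203.0.113.7", 300),
                (5, "192.0.2.53", 300), (6, "203.0.113.9", 60),
                (20, "203.0.113.7", 300)]
    results = [agent.request_block(ip, dur, t) for t, ip, dur in requests]
    return agent, results
```

The white-list check runs first, so an alert that names a protected address (a DNS server or gateway, for example) never reaches the firewall regardless of which rule fired.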
ADDITIONAL INFORMATION
The tool can be downloaded from:
<http://www.snortsam.net/download.asp>
The information has been provided by <mailto:Frank@Knobbe.net> Frank
Knobbe.
========================================
DISCLAIMER:
The information in this bulletin is provided "AS IS" without warranty of any kind.
In no event shall we be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages.