Re: Snort and Cisco Pix

From: Kurt Seifried (
Date: 10/23/01

Message-ID: <017a01c15b45$f3d55500$>
From: "Kurt Seifried" <>
To: <>
Subject: Re: Snort and Cisco Pix
Date: Mon, 22 Oct 2001 16:07:33 -0600

Flex resp will do it. You could also use log monitoring software like swatch
to take an action if a rule is matched, you could have it update the
firewall list/etc. Personally I would recommend extreme caution doing this,
if someone spoofs an attack from a partner or client you suddenly firewall
them, and the attacker has just executed a rather nice attack on your
system. The logic needed to prevent this would be simple but a goodlist of
sites you do not want to block would be fun to keep up to date (root
nameservers, partners, popular websites the boss likes, etc.).

Kurt Seifried,
A15B BEE5 B391 B9AD B0EF
AEB0 AD63 0B4E AD56 E574

----- Original Message -----
From: "Jeremy" <>
To: <>
Sent: Monday, October 22, 2001 3:43 PM
Subject: Snort and Cisco Pix

Hello all,

  We were looking at the new Cisco IDS card that goes into their 6500's and
our Cisco guy said that when it matches a signature it could update the PIX
access lists to block traffic from that IP. We are currently running several
Snort boxes and I was wondering if there was anything like that for Snort.
Also, is there anything in Snort now other than flex-resp that takes an
active role in stopping packets that match a certain signature?
  Sure would like to save our company $40K from having to buy 2 of those
Cisco IDS cards.
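
The goodlist check described in the reply, as an added example that is not part of the original thread or of Snort or swatch: it reads Snort "fast"-style alert lines, extracts the source address, and sends goodlisted sources to review instead of a block list. The networks, sample alert lines and the "review" outcome are constructed assumptions.

```python
import ipaddress
import re

# Hypothetical goodlist: networks that must never be blocked automatically.
GOODLIST = [ipaddress.ip_network(n) for n in (
    "198.51.100.0/24",  # constructed: partner network
    "192.0.2.53/32",    # constructed: upstream name server
)]

# Source address in a fast-style alert: "{PROTO} src[:port] -> dst[:port]"
ALERT_SRC = re.compile(
    r"\{(?:TCP|UDP|ICMP)\}\s+(\d{1,3}(?:\.\d{1,3}){3})(?::\d+)?\s+->")

def source_ip(line):
    """Return the alert's source address, or None if the line is unusable."""
    m = ALERT_SRC.search(line)
    if not m:
        return None
    try:
        return ipaddress.ip_address(m.group(1))
    except ValueError:  # e.g. an octet above 255
        return None

def decide(lines):
    """Map each alerting source to 'block' or, if goodlisted, 'review'."""
    decisions = {}
    for line in lines:
        ip = source_ip(line)
        if ip is None:
            continue
        # A goodlisted source may be spoofed, so a person decides, not a script.
        protected = any(ip in net for net in GOODLIST)
        decisions[str(ip)] = "review" if protected else "block"
    return decisions

# Constructed sample log lines (not from a real sensor).
SAMPLE = [
    "10/22-16:07:31.1 [**] [1:1000001:1] constructed alert [**] {TCP} 203.0.113.7:3456 -> 192.0.2.10:80",
    "10/22-16:07:32.2 [**] [1:1000001:1] constructed alert [**] {TCP} 198.51.100.20:4000 -> 192.0.2.10:80",
    "10/22-16:07:33.3 [**] [1:1000002:1] constructed alert [**] {ICMP} 203.0.113.9 -> 192.0.2.10",
    "10/22-16:07:34.4 [**] [1:1000001:1] constructed alert [**] {TCP} 999.1.1.1:1 -> 192.0.2.10:80",
    "truncated or unrelated log line",
]

if __name__ == "__main__":
    for ip, action in decide(SAMPLE).items():
        print(action, ip)
```

Only the "block" entries would be candidates for a firewall update; the partner address in the sample lands in "review" even though an alert named it as the source.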

