RE: Can snort cut off connections ?

From: Jordan, Jason D. \ (Jason.Jordan_at_honeywell-tsi.com)
Date: 07/13/04

  • Next message: Jef Feltman: "RE: RFMON detection"
    To: 'Juan B' <juanbabi@yahoo.com>, "'security-basics@securityfocus.com'" <security-basics@securityfocus.com>
    Date: Tue, 13 Jul 2004 12:35:16 -0400
    
    

    I know there was a project called Hogwash that used the snort engine and could adjust its rule set to block the ip addresses that set the alarm off. I think it used maybe iptables as the firewall on it and snort would just add a block rule for the
    offending IP. The only thing was it had to be inline with whatever machine you were protecting.

    Dallas Jordan MCSE, CCNA, Security+
    Electronics Technician II
    Honeywell Technology Solutions
    1010 Bankton Drive
    Hanahan, SC 29406
    843-744-1221 Ext 11

     -----Original Message-----
    From: Juan B [mailto:juanbabi@yahoo.com]
    Sent: Tuesday, July 13, 2004 2:46 AM
    To: security-basics@securityfocus.com
    Subject: Can snort cut off connections ?

    Hi,

    I heard that It is possible to change snort to be
    active and start droping connections based on
    predifined roles. is it true ?

    thanks

                    
    __________________________________
    Do you Yahoo!?
    New and Improved Yahoo! Mail - Send 10MB messages!
    http://promotions.yahoo.com/new_mail

    ---------------------------------------------------------------------------
    Ethical Hacking at the InfoSec Institute. Mention this ad and get $545 off
    any course! All of our class sizes are guaranteed to be 10 students or less
    to facilitate one-on-one interaction with one of our expert instructors.
    Attend a course taught by an expert instructor with years of in-the-field
    pen testing experience in our state of the art hacking lab. Master the skills
    of an Ethical Hacker to better assess the security of your organization.
    Visit us at:
    http://www.infosecinstitute.com/courses/ethical_hacking_training.html
    ----------------------------------------------------------------------------

    ---------------------------------------------------------------------------
    Ethical Hacking at the InfoSec Institute. Mention this ad and get $545 off
    any course! All of our class sizes are guaranteed to be 10 students or less
    to facilitate one-on-one interaction with one of our expert instructors.
    Attend a course taught by an expert instructor with years of in-the-field
    pen testing experience in our state of the art hacking lab. Master the skills
    of an Ethical Hacker to better assess the security of your organization.
    Visit us at:
    http://www.infosecinstitute.com/courses/ethical_hacking_training.html
    ----------------------------------------------------------------------------


  • Next message: Jef Feltman: "RE: RFMON detection"