Re: Snort as Firewall (WinXP)



Linux is much much simpler than windows .. I use Fedora at home and it
is fairly simple to get it running ..

./thanks
ilaiy

On 1/29/06, Neil <neil@xxxxxxxxxx> wrote:
Yeah, well, in all my readings and largely from the mail on this list,
I've come to the conclusion that Snort definitely won't give me
iptable-functionality on a windows box.

My solution is one I should've done a while ago: start using linux. Of
course, that's much harder than it sounds, but we'll see how it turns out.

Thanks to the list for all the help.

Cheers,
Neil

On 1/26/2006 3:02 AM, coder wrote:
I should probably add that the only two ways I know of making snort into an
IPS are by either using snort-inline, which would require IPTables (and this
is a windows question), or using "flex response" (not sure if this comes with
the windows version of snort). The downfall of flex response is that it just
sends an RST packet to break the connection (this however does not stop the
attacker from re-connecting). Also, you would have to write your own rules
such as:

alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"WEB-IIS CodeRed v2 root.exe access"; flags: A+; uricontent:"scripts/root.exe?"; nocase; resp:rst_snd;)

(you can see the rst_snd at the end)

but, as "shrek-m" and I (in my earlier email) said, snort cannot really be
used as a firewall.

Regards,

Davie

----- Original Message -----
From: <shrek-m@xxxxxx>
To: <security-basics@xxxxxxxxxxxxxxxxx>
Sent: Tuesday, January 24, 2006 10:17 PM
Subject: Re: Snort as Firewall (WinXP)


Neil wrote:

> From what I've read, a couple people have tried, but most people were of
> the opinion to use Snort as an IDS, and have a separate firewall.

bingo.

> If anyone has done it, do you recommend it? Why/why not?
> For those who are against using it as a firewall, again, why?

"snort" iirc is an ids/ips and not a firewall
http://www.snort.org/

eg. "iptables" iirc is a firewall and not an ids/ips
http://iptables.org/

--
shrek-m

---------------------------------------------------------------------------
EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE
The Norwich University program offers unparalleled Infosec management
education and the case study affords you unmatched consulting experience.
Tailor your education to your own professional goals with degree
customizations including Emergency Management, Business Continuity Planning,
Computer Emergency Response Teams, and Digital Investigations.

http://www.msia.norwich.edu/secfocus
---------------------------------------------------------------------------
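
The distinction drawn in the thread (alerting, resetting a matched connection with flex response, or blocking inline) can be checked per rule. The following is an added example, not code from any poster or from the Snort project: it parses rule text, handles semicolons inside quoted option values, and reports what each rule can enforce. The second and third sample rules are constructed, and treating `drop`, `sdrop` and `reject` as the inline-mode actions is an assumption about snort-inline.

```python
import re

# Sample input. Rule 0 is the flex-response rule quoted in the thread;
# rules 1 and 2 are constructed for illustration (hypothetical).
RULES = [
    'alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"WEB-IIS CodeRed v2 root.exe access"; '
    'flags: A+; uricontent:"scripts/root.exe?"; nocase;resp:rst_snd;)',
    'drop tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"constructed; inline example"; '
    'uricontent:"scripts/root.exe?"; nocase;)',
    'alert tcp any any -> any 80 (msg:"constructed alert only"; content:"x";)',
]

# action, header (proto/addresses/ports), then the parenthesised option body
RULE_RE = re.compile(r'^\s*(\w+)\s+(.+?)\s*\((.*)\)\s*$', re.S)
# An option ends at a ';' that lies outside a double-quoted string.
OPTION_RE = re.compile(r'\s*([\w.]+)\s*(?::\s*((?:"(?:\\.|[^"\\])*"|[^;"])*))?;')

# Assumption: these are the actions that only take effect in inline mode.
INLINE_ACTIONS = ("drop", "sdrop", "reject")


def parse_rule(text):
    """Split a rule into (action, header, [(option, value), ...])."""
    m = RULE_RE.match(text)
    if not m:
        raise ValueError("not a Snort rule: %r" % text)
    action, header, body = m.groups()
    options = [(k, (v or "").strip()) for k, v in OPTION_RE.findall(body)]
    return action, header, options


def enforcement(text):
    """Classify what the rule does beyond logging a match."""
    action, _, options = parse_rule(text)
    resp = [m.strip() for k, v in options if k == "resp" for m in v.split(",")]
    if action in INLINE_ACTIONS:
        return "inline-block"            # packet is dropped in the forwarding path
    if resp:
        return "reset-after-match:" + ",".join(resp)  # tears down this connection only
    return "detect-only"


if __name__ == "__main__":
    for rule in RULES:
        print(enforcement(rule), "<-", rule[:60])
```

A rule reported as `reset-after-match` still lets the offending packet reach the server and does nothing about a reconnect, which is why it does not substitute for a firewall rule.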