Snapgear and SNORT

From: Purl Gurl (purlgurl_at_purlgurl.net)
Date: 04/25/04

    Date: Sat, 24 Apr 2004 22:03:50 -0700
    
    

    Been researching a lot of firewalls, pricing them
    on Ebay, reading till my eyes water.

    Snapgear seems a decent firewall being based on
    a Linux kernel which inherently allows a great
    amount of configuration.

    Any readers here know if SNORT can be incorporated
    into or used with a Snapgear firewall?

    Lot of information related to Snapgear and SNORT here:

    http://www.cyberguard.com/snapgear/cgi-bin/fom?_recurse=1&file=1

    There is more than enough information about SNORT
    and just as much about Snapgear Linux firewalls.
    However, I am not having much luck finding needed
    information about using Snapgear and SNORT, together.

    Currently I am running SNORT on a stand-alone machine
    but would like to move to a self-contained firewall
    and incorporate SNORT into or with the firewall.

    Appears SNORT needs to be machine based and used
    with third party software to "talk" to Snapgear
    for react blocking, via a serial port. That is
    about all I have found in the line of information,
    which is not enough!

    Anyone have experience with Snapgear and SNORT?

    Not the new PCI card running SNORT, but rather
    the old-fashioned Snapgear boxes, like the 5
    series or their Pro series, two ethernet port
    boxes with a serial interface.

    Thanks,

    Purl Gurl

