[Snort-devel] Idea/Thought.

Dragos Ruiu dr at ...40...
Fri Aug 17 16:50:37 EDT 2001


What about hogwash?

or a script from logwatch or swatch to fiddle your firewall...
see FAQ for more caveats.

--dr

On Fri, 17 Aug 2001, Alex Jokela wrote:
> Greetings!
> 
> I've used snort for a while now (off and on) -- and i have always loved it.
> but recently, i realized it was missing one thing (at least in my opinion),
> and that was a decent way to block packets -- much like the way that
> portsentry does: using an external program (like ipchains, ipf, ipfw,
> iptables, etc...)
> 
> i know that in the contrib there is a script which will generate ipchain
> rules based on snort responses, but this is not what i am looking for.
> 
> so...not being able to find anything, i have started to modify sp_respond.c
> (and a header or two) to include support for external programs (like the
> ones mentioned above) to be executed, as well as, a way of appending to file
> (in the case of a system reboot) the rules that are generated.
> 
> ...more information to come...
> 
> constructive thoughts are welcome.
> 
> thanks.
> 
> 	alex jokela
> 
> 
> _______________________________________________
> Snort-devel mailing list
> Snort-devel at lists.sourceforge.net
> http://lists.sourceforge.net/lists/listinfo/snort-devel
-- 
Dragos Ruiu <dr at ...9...>   dursec.com ltd. / kyx.net - we're from the future 
gpg/pgp key on file at wwwkeys.pgp.net or at http://dursec.com/drkey.asc




More information about the Snort-devel mailing list