dr at ...40...
Fri Aug 17 16:50:37 EDT 2001
What about hogwash?
or a script from logwatch or swatch to fiddle your firewall...
see FAQ for more caveats.
On Fri, 17 Aug 2001, Alex Jokela wrote:
> I've used snort for a while now (off and on) -- and i have always loved it.
> but recently, i realized it was missing one thing (at least in my opinion),
> and that was a decent way to block packets -- much like the way that
> portsentry does: using an external program (like ipchains, ipf, ipfw,
> iptables, etc...)
> i know that in the contrib there is a script which will generate ipchain
> rules based on snort responses, but this is not what i am looking for.
> so...not being able to find anything, i have started to modify sp_respond.c
> (and a header or two) to include support for external programs (like the
> ones mentioned above) to be executed, as well as, a way of appending to file
> (in the case of a system reboot) the rules that are generated.
> ...more information to come...
> constructive thoughts are welcome.
> alex jokela
> Snort-devel mailing list
> Snort-devel at lists.sourceforge.net
Dragos Ruiu <dr at ...9...> dursec.com ltd. / kyx.net - we're from the future
gpg/pgp key on file at wwwkeys.pgp.net or at http://dursec.com/drkey.asc
More information about the Snort-devel