[Snort-devel] Looking for a few beta testers...
FKnobbe at ...339...
Thu Jul 26 20:01:12 EDT 2001
Well, I'm close to finishing up my Snort plugin that reconfigures
Checkpoint Firewall-1 to block IP addresses. Once Snort 1.8 is
available on Win32, I'll test on 1.8 and supply the code for CVS.
Until then, the plugin is currently being tested under Snort 1.7, and
it seems to run like a charm. I still need to clean up the source, add
notes, and work on the logging. However, all important features are
a) White-list of never-to-be-blocked IP hosts/networks.
b) Time override list.
c) Attack detection meter. If a configurable threshold (x blocks in y
time) is exceeded, the agent will unblock the last Z hosts and wait
until the attack stops (level falls below threshold).
d) Authorized sensor list, etc...
The agent can either call fw.exe or send a packet to port 18183
(SAM). Communication between the Snort sensors and the agent is 256
bit TwoFish encrypted, and appears to be resilient to attacks
(although I still need to finish sequence number checking to prevent
Why am I telling you this? If you are running Snort 1.7 under Windows
and use a Firewall-1 box, and if you are interested in beta-testing
the current build, please let me know.
(The code will also work under other platforms, but until the source
is released, I can only supply executables of Snort 1.7)
Email me if you are interested.
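The decision logic behind features (a), (c) and (d) of the message above can be sketched as follows. This is an added example, not code from the plugin or from its author; the class name, parameter names, event tuples and return values are assumptions, and the time override list and the actual firewall call (fw.exe or SAM) are left out.

```python
import ipaddress
from collections import deque

class BlockAgent:
    """Hypothetical gatekeeper between IDS sensors and the firewall block list."""

    def __init__(self, sensors, whitelist, max_blocks, window_s, rollback):
        self.sensors = set(sensors)                  # (d) authorized sensor list
        self.whitelist = [ipaddress.ip_network(n) for n in whitelist]  # (a)
        self.max_blocks, self.window_s = max_blocks, window_s  # (c) x blocks in y s
        self.rollback = rollback                     # (c) Z hosts to unblock on trip
        self.recent = deque()                        # times of recent block requests
        self.blocked = []                            # active blocks, oldest first
        self.tripped = False

    def request_block(self, sensor, ip, now):
        """Return (action, hosts_unblocked) for one sensor request."""
        if sensor not in self.sensors:
            return ("rejected", [])
        if any(ipaddress.ip_address(ip) in net for net in self.whitelist):
            return ("whitelisted", [])
        self.recent.append(now)
        while now - self.recent[0] > self.window_s:  # expire samples outside window
            self.recent.popleft()
        over = len(self.recent) > self.max_blocks
        if over and not self.tripped:
            # Threshold exceeded: undo the newest Z blocks and stop blocking.
            self.tripped = True
            cut = max(0, len(self.blocked) - self.rollback)
            undone, self.blocked = self.blocked[cut:], self.blocked[:cut]
            return ("tripped", undone)
        if over:
            return ("suppressed", [])                # still above threshold: wait
        self.tripped = False                         # level is back under threshold
        if ip not in self.blocked:
            self.blocked.append(ip)
        return ("blocked", [])

# Constructed sample events: (sensor, source IP, time in seconds).
EVENTS = [("sensor-9", "203.0.113.5", 0), ("sensor-1", "10.1.2.3", 0),
          ("sensor-1", "198.51.100.1", 0), ("sensor-1", "198.51.100.2", 10),
          ("sensor-1", "198.51.100.3", 20), ("sensor-1", "198.51.100.4", 30),
          ("sensor-1", "198.51.100.5", 40), ("sensor-1", "198.51.100.6", 200)]

def replay(agent, events):
    return [agent.request_block(*e)[0] for e in events]

if __name__ == "__main__":
    agent = BlockAgent({"sensor-1"}, ["10.0.0.0/8"], 3, 60, 2)
    print(replay(agent, EVENTS), agent.blocked)
```

Without the meter, anyone able to trigger alerts at will could drive the agent into blocking arbitrary hosts; the rollback limits that to the blocks made before the threshold trips.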