[Snort-devel] Looking for a few beta testers...

Frank Knobbe FKnobbe at ...339...
Thu Jul 26 20:01:12 EDT 2001


Well, I'm close to finishing up my Snort plugin that reconfigures
Checkpoint Firewall-1 to block IP addresses. Once Snort 1.8 is
available on Win32, I'll test on 1.8 and supply the code for CVS.

Until then, the plugin is currently being tested under Snort 1.7, and
it seems to run like a charm. I still need to clean up the source, add
notes, and work on the logging. However, all important features are
in place:

a) White-list of never-to-be-blocked IP hosts/networks.
b) Time override list.
c) Attack detection meter. If a configurable threshold (x blocks in y
time) is exceeded, the agent will unblock the last Z hosts and wait
until the attack stops (level falls below threshold).
d) Authorized sensor list, etc...

The agent can either call fw.exe or send a packet to port 18183
(SAM). Communication between the Snort sensors and the agent is 256
bit TwoFish encrypted, and appears to be resilient to attacks
(although I still need to finish sequence number checking to prevent

Why am I telling you this? If you are running Snort 1.7 under Windows
and use a Firewall-1 box, and if you are interested in beta-testing
the current build, please let me know.

(The code will also work under other platforms, but until the source
is released, I can only supply executables of Snort 1.7)

Email me if you are interested.
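
Added example, not part of the original message or the plugin's code: one way the white-list (a) and the attack detection meter (c) described above could interact, in C. All function and type names, the threshold values, and the choice to suppress the request that trips the meter are assumptions; the addresses are constructed.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#define X_BLOCKS   3   /* meter trips when more than X requests ... */
#define Y_SECONDS  10  /* ... arrive within Y seconds */
#define Z_ROLLBACK 2   /* hosts unblocked when the meter trips */
#define HIST       64  /* history slots; must exceed X_BLOCKS */
#define IP(a,b,c,d) (((uint32_t)(a)<<24)|((uint32_t)(b)<<16)|((uint32_t)(c)<<8)|(uint32_t)(d))
enum verdict { V_BLOCK, V_WHITELISTED, V_SUPPRESSED };
struct net { uint32_t addr, mask; };             /* white-list entry */
struct agent {                                   /* zero-initialise before use */
    long req_ts[HIST]; unsigned long long head;  /* ring of request times */
    uint32_t blocked[HIST]; int nblocked, tripped; /* rollback stack, trip flag */
};

/* Decide on one sensor request; hosts to unblock are returned in un[]. */
enum verdict agent_request(struct agent *a, const struct net *wl, int nwl,
                           uint32_t ip, long now, uint32_t *un, int *n_un)
{
    int level = 0;
    *n_un = 0;
    for (int i = 0; i < nwl; i++)                /* (a) never block these */
        if ((ip & wl[i].mask) == (wl[i].addr & wl[i].mask)) return V_WHITELISTED;
    a->req_ts[a->head++ % HIST] = now;           /* every request feeds the meter */
    for (unsigned i = 0; i < HIST && i < a->head; i++)
        if (a->req_ts[i] > now - Y_SECONDS) level++;
    if (level > X_BLOCKS) {                      /* (c) threshold exceeded */
        while (!a->tripped && *n_un < Z_ROLLBACK && a->nblocked > 0)
            un[(*n_un)++] = a->blocked[--a->nblocked];  /* roll back once per trip */
        a->tripped = 1;
        return V_SUPPRESSED;
    }
    a->tripped = 0;                              /* level is back under the threshold */
    if (a->nblocked == HIST)                     /* stack full: forget the oldest */
        memmove(a->blocked, a->blocked + 1, --a->nblocked * sizeof a->blocked[0]);
    a->blocked[a->nblocked++] = ip;
    return V_BLOCK;
}

int main(void) {
    struct agent a; memset(&a, 0, sizeof a);
    struct net wl[] = { { IP(192,0,2,0), 0xFFFFFF00u } };  /* constructed white-list */
    uint32_t un[Z_ROLLBACK]; int n;
    for (long t = 0; t < 5; t++) {               /* constructed burst, one per second */
        int v = agent_request(&a, wl, 1, IP(198,51,100,1 + t), t, un, &n);
        printf("t=%ld verdict=%d unblocked=%d\n", t, v, n);
    }
    return 0;
}
```

Suppressed requests still count toward the level, so the meter stays tripped for as long as the burst continues and resets only once the request rate drops.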



