[Snort-sigs] snortsam agent doesn't block ip in external firewall

stephane.nasdrovisky at ...2835... stephane.nasdrovisky at ...2835...
Tue Apr 28 03:12:37 EDT 2015


port 18183 looks like a checkpoint (firewall-1 producer) port. I don’t know 
snortsam, but snortsam and checkpoint tells me something.

http://platforms.infostruction.com/common-checkpoint-firewall-ports/ tells:
18183 /tcp FW1_sam Check Point OPSEC Suspicious Activity Monitor API

snortsam.conf hints:
remove any opsec line
add a iptables line

have a look at 
http://doc.emergingthreats.net/bin/view/Main/SnortSamREADMEconf

isn’t a snortsam agent needed on your firewall?
isn’t snortsam outdated??

Subject: [Snort-sigs] snortsam agent doesn't block ip in external firewall

[SAM] Could not connect to (PC3addr):18183! 





More information about the Snort-sigs mailing list