[Snort-users] Using Snort code base to make an intelligent firewall

Steve Hutchins Steve.Hutchins at ...277...
Tue Nov 21 15:51:13 EST 2000

Apologies for being a bit off topic.

I'm sure I'm not the only person to have thought of this?!

If you have ever worked with stealth firewalls such as
SUNs Sunscreen or Lucent 'the brick' you might have thought
'shit, these things are expensive! maybe they need to have
some open source competition'
(These tend to run with 2 or more interfaces in un-addressable
promisc mode, and an addressable admin interface, as a pseudo

The other thing about these expensive firewalls is that although
they know how to do VPNs etc. etc., they are not very intelligent
and block everything that isn't in their rules list (quite a
good thing for a firewall).

But why not have an intelligent firewall that doesn't explicitly
block everything (unless you tell it to), but will block anything
that looks suspicious (a la an IDS rolled into a firewall)?
This would allow Joe Normal User through without any explicit rule.

Obviously, this type of firewall would best run as a 'quiet'
external firewall with a normal firewall inside.

Anyone thought about this or working on something similar?
Do people think this is a crap idea?

The reason I am mentioning this idea is that I had it some
time ago, and haven't had the time to do anything with it.

Steve 'I'll creep back into my hole now' Hutchins

