[Snort-users] (no subject)
michaels at ...155...
Fri Nov 23 10:06:04 EST 2001
It looks like a lot of work just for one connection. Tell them that
updates need to be scheduled; open the port, allow them to do their
thing, and close it when they exit. There are several ways to securely do
this, but is it really worth the trouble for one company just to update
your software on an infrequent basis?
Commercial Snort Support <<->> 1.866.41.SNORT
Silicon Defense - www.silicondefense.com
Home of the new SENTRUS Snort sensor!
Michael Steele - Snort Support Technician
From: snort-users-admin at lists.sourceforge.net
[mailto:snort-users-admin at lists.sourceforge.net] On Behalf Of Don
Sent: Thursday, November 22, 2001 9:49 PM
To: snort-users at lists.sourceforge.net
Subject: [Snort-users] (no subject)
I'm looking at snort as a solution to a problem I've been given.
Basically, we have a PCAnywhere machine on our corporate LAN. We want to
allow an external company to access this machine for software updates.
Obviously this is a security risk, so we are looking at solutions that
will eliminate this risk. One is to configure a Linux firewall with
scripts to disable all traffic (except PCAnywhere) using iptables when
PCAnywhere traffic is detected and to enable all other traffic when no
PCAnywhere traffic is detected. I'm looking at snort as the means of
detecting the traffic, but my question is: can I configure snort to
execute a script that will run iptables to disable all other traffic?