[Snort-users] SHUN

ams67 ams67 at ...3655...
Mon Dec 2 13:48:02 EST 2002


IMAO IDSs should not interfere with FWs. If I spoof my IP address with
your current, e.g. DNS server and send a forged packet with an attack
signature to your network protected by your IDS/FW integrated system I
can create an easy DoS by stopping legal and operational traffic. 
That is really easy to accomplish (e.g. nmap -D your.good.dns.server,
your.good.external.router, etc.).

My 2 cents

Tony

-----Original Message-----
From: snort-users-admin at lists.sourceforge.net
[mailto:snort-users-admin at lists.sourceforge.net] On Behalf Of Mike
Koponick
Sent: Wednesday, 27 November 2002 6:48 a.m.
To: snort-users at lists.sourceforge.net
Subject: [Snort-users] SHUN

Hello,

Does SNORT support adding commands to firewalls? As an example, if I
received a BAD packet, I would like to add a filter based on that
information to my firewall. I understand that SNORT cannot decide which
packets are bad, but I would think we would be able to trace an issue
once the command has been executed.

Any ideas?


Thanks in advance,

Mike
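
The spoofing concern raised in the reply, seen from the side of whoever writes the shun hook. This is an added example, not part of either post and not Snort's own code: a decision guard that refuses to block hosts on a never-shun list or sources whose address was not confirmed by a completed TCP handshake. The `Alert` fields, the addresses (documentation ranges) and the 600-second expiry are assumptions.

```python
import ipaddress
from dataclasses import dataclass

# Hypothetical never-shun list: hosts whose loss would itself be an outage,
# such as the DNS server and external router named in the reply.
# All addresses are constructed (RFC 5737 documentation ranges).
NEVER_SHUN = [ipaddress.ip_network(n) for n in (
    "192.0.2.53/32",   # DNS server
    "192.0.2.1/32",    # external router
)]
MAX_SHUN_SECONDS = 600  # assumption: every block expires on its own


@dataclass
class Alert:
    src: str           # source address as seen in the offending packet
    proto: str         # "tcp", "udp" or "icmp"
    established: bool  # True only if the sensor saw a completed TCP handshake
    sig: str           # signature name, kept for the audit trail


def shun_decision(alert):
    """Return (action, reason); action is 'block' or 'alert-only'."""
    ip = ipaddress.ip_address(alert.src)
    # 1. Critical hosts are never blocked, whatever the packet claims.
    if any(ip in net for net in NEVER_SHUN):
        return ("alert-only", "source is on the never-shun list")
    # 2. A single UDP/ICMP/SYN packet proves nothing about who sent it.
    if not (alert.proto == "tcp" and alert.established):
        return ("alert-only", "source address not confirmed by a handshake")
    # 3. Confirmed source: block, but only for a bounded time.
    return ("block", f"expires after {MAX_SHUN_SECONDS}s")


# Constructed sample alerts, not real sensor output.
SAMPLE_ALERTS = [
    Alert("192.0.2.53", "udp", False, "constructed-sig-1"),
    Alert("203.0.113.9", "udp", False, "constructed-sig-1"),
    Alert("203.0.113.9", "tcp", True, "constructed-sig-2"),
    Alert("192.0.2.1", "tcp", True, "constructed-sig-2"),
]


def run(alerts):
    """Evaluate each alert and return (src, action, reason) tuples."""
    return [(a.src, *shun_decision(a)) for a in alerts]


if __name__ == "__main__":
    for row in run(SAMPLE_ALERTS):
        print(row)
```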


