[Snort-users] WatchGuard Firebox2
billshaffer at ...4566...
Wed Jan 16 06:50:08 EST 2002
Has anyone been able to use fbidsmate.exe with snort? This utility
allows a hostile IP to be placed in the firewall log so that it will be
blocked. WatchGuard has not published the whitepaper on how to set this
utility up, since this utility was not made by them. They do claim that
this will work with snort, and hope to have some documentation out
within the next month. I can get the utility to block a hostile IP if I
use the following command within snort.conf: fbidsmate.exe 10.3.31.254
(<-- My IP) password (<-- pass to firebox) add_hostile 220.127.116.11 (<-- test
IP). This will block all communication for 18.104.22.168. My problem is: how do
I tell fbidsmate what the hostile IP is in the alert?
I have tried fbidsmate.exe 10.3.31.254 (<-- My IP) password (<-- pass to
firebox) add_hostile *.*.*.* (<--test IP). This does not work. I'm
guessing I have to direct this command to the logged alert. If anyone
has set this up and could direct me to a link describing how to do this
or give me the command line to use I would greatly appreciate it.
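An added example, not part of the original post and not WatchGuard or Snort code: one way to pull the source address out of an alert and build the fbidsmate argument list in the order the post shows. It assumes alerts are in Snort's "fast" one-line format; the function names, the NEVER_BLOCK ranges and the sample alert lines are constructed for illustration.

```python
import ipaddress
import re

# Source and destination of a Snort "fast" alert line:
#   ... {PROTO} SRC[:PORT] -> DST[:PORT]
ALERT_RE = re.compile(
    r"\{\w+\}\s+(?P<src>\d{1,3}(?:\.\d{1,3}){3})(?::\d+)?\s+->\s+"
    r"\d{1,3}(?:\.\d{1,3}){3}"
)

# Assumed local ranges that must never be auto-blocked. Source addresses
# can be spoofed, so an attacker could otherwise get your own hosts blocked.
NEVER_BLOCK = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "127.0.0.0/8")]

# Constructed sample alerts (not real log data).
SAMPLE_ALERTS = [
    "01/16-06:50:08.123456  [**] [1:1000001:1] constructed test rule [**] "
    "[Priority: 1] {TCP} 203.0.113.45:3127 -> 10.3.31.20:80",
    "01/16-06:50:09.000001  [**] [1:1000002:1] constructed test rule [**] "
    "[Priority: 3] {ICMP} 10.3.31.77 -> 10.3.31.254",
]


def hostile_ip(alert_line):
    """Return the alert's source IP as a string, or None if not blockable."""
    m = ALERT_RE.search(alert_line)
    if m is None:
        return None
    try:
        src = ipaddress.ip_address(m.group("src"))
    except ValueError:  # e.g. an octet above 255
        return None
    if any(src in net for net in NEVER_BLOCK):
        return None
    return str(src)


def fbidsmate_argv(first_arg, password, alert_line):
    """Build the argument list in the order used in the post, or None."""
    ip = hostile_ip(alert_line)
    if ip is None:
        return None
    # A list (not a shell string) keeps log content out of shell parsing.
    return ["fbidsmate.exe", first_arg, password, "add_hostile", ip]


if __name__ == "__main__":
    for line in SAMPLE_ALERTS:
        print(fbidsmate_argv("10.3.31.254", "password", line))
```

The returned list can be passed to subprocess.run; the password travels as a command-line argument, as in the post, so it is visible in the process list on that host.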