[Snort-users] SHUN

Mike Koponick mike at ...7385...
Tue Nov 26 11:00:02 EST 2002


Frank,

Thanks for the info.

Mike

-----Original Message-----
From: Frank Knobbe [mailto:fknobbe at ...652...]
Sent: Tuesday, November 26, 2002 10:55 AM
To: Mike Koponick
Cc: snort-users at lists.sourceforge.net
Subject: Re: [Snort-users] SHUN


On Tue, 2002-11-26 at 11:48, Mike Koponick wrote:
> Does SNORT support adding commands to firewalls? As an example, if I
> received a BAD packet, I would like to add a filter based on that
> information to my firewall. I understand that SNORT cannot decide which
> packets are bad, but I would think we would be able to trace an issue once
> the command has been executed.

Mike,

Snort can do that through the use of SnortSam. SnortSam can shun on
Cisco routers and various firewalls. See http://www.snortsam.net for
more info.

Regarding Snort deciding what is bad, well, Snort is an IDS and it is
the job of an IDS to flag certain packets/connections as 'bad' in the
sense that they match a signature or a rule.

Regards,
Frank
