[Snort-users] RES: RES: sending alerts by email / active response Win2K system [RMC-J7FLJI4] [Snort-users]
Romulo M. Cholewa
rmc at ...8111...
Tue Jan 28 15:21:13 EST 2003
Since we had some very useful info on how to receive an email from snort logs, let's see the second question: how to dynamically configure a firewall on Windows with the info provided by snort ?
Well, it's possible.
My first thought was to use netsh, the Network Shell native command interface. It's possible, but it is not "user friendly" like iptables or ipchains. Then I found pktfilter.
Full documented, not as powerfull as iptables, but now it's a question of time to configure snort / swatch / pktfilter and finally have it.
It would be nice to hear from you, if anyone will give it a try. I'll keep the list posted.
Romulo M. Cholewa
Home : http://www.rmc.eti.br
PGP Keys Available @ website.
"Those who make peaceful revolution impossible will make
violent revolution inevitable." -- JFK.
]De: Erek Adams [mailto:erek at ...950...]
]Enviada em: terça-feira, 28 de janeiro de 2003 19:24
]Para: Michael Steele
]Cc: 'Erek Adams'; snort-users at lists.sourceforge.net
]Assunto: RE: RES: sending alerts by email / active response
]Win2K system [RMC-J7FLJI4]
]On Tue, 28 Jan 2003, Michael Steele wrote:
]> Thanks, I required a reboot for some reason. Sending alerts now :)
]Hey, what do you expect!??!? It's Windows! ;-P
]/me ducks and runs for cover!
] "When things get weird, the weird turn pro." H.S. Thompson
]This SF.NET email is sponsored by:
]SourceForge Enterprise Edition + IBM + LinuxWorld = Something
]2 See! http://www.vasoftware.com
]Snort-users mailing list
]Snort-users at lists.sourceforge.net
]Go to this URL to change user options or unsubscribe:
]Snort-users list archive:
More information about the Snort-users