[Snort-users] RES: RES: sending alerts by email / active response Win2K system [RMC-J7FLJI4] [Snort-users]

Romulo M. Cholewa rmc at ...8111...
Tue Jan 28 15:21:13 EST 2003

Since we had some very useful info on how to receive an email from snort logs, let's see the second question: how to dynamically configure a firewall on Windows with the info provided by snort ?

Well, it's possible.

My first thought was to use netsh, the Network Shell native command interface. It's possible, but it is not "user friendly" like iptables or ipchains. Then I found pktfilter.


Full documented, not as powerfull as iptables, but now it's a question of time to configure snort / swatch / pktfilter and finally have it.

It would be nice to hear from you, if anyone will give it a try. I'll keep the list posted.


Romulo M. Cholewa
Home : http://www.rmc.eti.br
Forum: http://zeus.rmc.eti.br/forum
PGP Keys Available @ website.

    "Those who make peaceful revolution impossible will make    
             violent revolution inevitable." -- JFK.             

]-----Mensagem original-----
]De: Erek Adams [mailto:erek at ...950...] 
]Enviada em: terça-feira, 28 de janeiro de 2003 19:24
]Para: Michael Steele
]Cc: 'Erek Adams'; snort-users at lists.sourceforge.net
]Assunto: RE: RES: sending alerts by email / active response 
]Win2K system [RMC-J7FLJI4]
]On Tue, 28 Jan 2003, Michael Steele wrote:
]> Thanks, I required a reboot for some reason. Sending alerts now :)
]Hey, what do you expect!??!?  It's Windows!  ;-P
]/me ducks and runs for cover!
]Erek Adams
]   "When things get weird, the weird turn pro."   H.S. Thompson
]This SF.NET email is sponsored by:
]SourceForge Enterprise Edition + IBM + LinuxWorld = Something 
]2 See! http://www.vasoftware.com 
]Snort-users mailing list
]Snort-users at lists.sourceforge.net
]Go to this URL to change user options or unsubscribe: 
]Snort-users list archive: 

More information about the Snort-users mailing list