[Snort-users] Hogwash for Windows

Matt Kettler mkettler at ...7367...
Wed Jul 9 18:16:10 EDT 2003


At 08:44 AM 7/9/2003 -0400, Joe Kinsella wrote:
>Is there an equivalent of Hogwash for the Windows version of snort?  I have
>a good rule set for one of my servers and would like to drop offending
>packets.

Given that windows itself does not have a built-in packet filter or 
firewall along the lines of what iptables is, windows can't do this without 
commercial add-ons.

The best you can do is to get snortsam to talk to checkpoint firewall-1, 
which is a commercial software firewall which runs on windows.

This is similar to hogwash, but runs slightly-less realtime, and costs $ 
for a copy of firewall-1. I'd also advise doing some searching for bugtraq 
posts on firewall-1 and compare it to the number about other firewalls 
prior to buying it. I'm not sure if it's better or not, but certainly worth 
doing some minimal research prior to spending money on it.

I'm also not sure quite how much FW-1 costs, but I've read it referred to 
as being a market leader, and a market leader in price as well.






More information about the Snort-users mailing list