[Snort-users] Hogwash for Windows

Lars Troen Lars.Troen at ...6652...
Thu Jul 10 02:24:17 EDT 2003


> 
> The best you can do is to get snortsam to talk to checkpoint 
> firewall-1, 
> which is a commercial software firewall which runs on windows.

Well... It's not limited to fw-1. Snortsam now supports fw1, pix, cisco routers, netscreen, ipf, pf, ipchains and more... These doesn't support win32 (except fw1), but might be somewhat likely that you're having a cisco router as your internet router.

> This is similar to hogwash, but runs slightly-less realtime, 
> and costs $ 
> for a copy of firewall-1. I'd also advise doing some 
> searching for bugtraq 
> posts on firewall-1 and compare it to the number about other 
> firewalls 
> prior to buying it. I'm not sure if it's better or not, but 
> certainly worth 
> doing some minimal research prior to spending money on it.

Firewall-1 can also function similarly as hogwash do by itself now. With it's "Application Intelligence" and SmartDefense functionality (available in FP3 and FP4) you can define your own regex strings that triggers the firewall. Some default rules for CodeRed, Nimda etc are included and you can subscribe to updates from checkpoint for some $. 

Lars




More information about the Snort-users mailing list