[Snort-users] firewall rules modification based on snort logs

Frank Knobbe fknobbe at ...652...
Tue Jun 10 20:40:01 EDT 2003


On Tue, 2003-06-10 at 12:55, Matt Kettler wrote:

> However if you need to split snortsam across an insecure network, make sure 
> to use a SSH tunnel or similar mechanism. It acts by injecting 
> configuration commands to your existing firewall, so it works with 
> IPTables, instead of alongside it. Older versions of Snortsam tried to use 
> encryption without a MAC (only a sequence number) to provide authentication 
> and integrity.

That still hasn't been fixed yet. However, for usage within your own
network, this is acceptable imo. If you route through the Internet, use
an SSH tunnel.

The fix for checking a complete packet (as we had discussed earlier) is
still on my to-do list (which gets larger every day). Feel free to
assist with a revised implementation. The change would have to occur in
twofish.c.

> Needless to say that doesn't work very well, but AFAIK the 
> feature has been removed. It is however still mentioned in the FAQ in all 
> its incorrect glory.

Yeah, rub it in.... if you happen to get really annoyed with this, feel
free to fix the FAQ and send me a copy.

Regards,
Frank
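As an added illustration of the MAC point discussed in this thread (example code written for this page, not SnortSAM's own code; it uses an HMAC-SHA256 keystream as a stand-in for Twofish and invents its own packet layout and key/message values): an encrypted sequence number catches replays and reordering but not modification of the ciphertext, whereas a tag computed over the complete packet and checked before decryption rejects any altered byte.

```python
import hmac
import hashlib
import struct

# Constructed sample values for the demo; not real SnortSAM keys or commands.
SAMPLE_ENC_KEY = b"k" * 16
SAMPLE_MAC_KEY = b"m" * 16
SAMPLE_MSG = b"block 192.0.2.10 600"

# Keystream stand-in (HMAC-SHA256 in counter mode) so the example runs offline.
# It is NOT Twofish and this is NOT SnortSAM's wire format.
def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    out = b""
    for ctr in range((length + 31) // 32):
        out += hmac.new(key, nonce + struct.pack(">Q", ctr), hashlib.sha256).digest()
    return out[:length]

def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def seal_seq_only(enc_key: bytes, seq: int, plaintext: bytes) -> bytes:
    """Old scheme: sequence number encrypted alongside the data, no MAC at all."""
    hdr = struct.pack(">I", seq)  # cleartext header doubles as the nonce
    return hdr + _xor(hdr + plaintext, _keystream(enc_key, hdr, 4 + len(plaintext)))

def open_seq_only(enc_key: bytes, expected_seq: int, packet: bytes):
    """Returns the payload if the decrypted sequence number matches, else None.
    Any byte of the encrypted payload can be altered without failing this check."""
    hdr, body = packet[:4], packet[4:]
    pt = _xor(body, _keystream(enc_key, hdr, len(body)))
    if struct.unpack(">I", pt[:4])[0] != expected_seq:
        return None
    return pt[4:]

def seal_etm(enc_key: bytes, mac_key: bytes, seq: int, plaintext: bytes) -> bytes:
    """Encrypt-then-MAC: the tag covers the complete packet (header + ciphertext)."""
    packet = seal_seq_only(enc_key, seq, plaintext)
    return packet + hmac.new(mac_key, packet, hashlib.sha256).digest()

def open_etm(enc_key: bytes, mac_key: bytes, expected_seq: int, packet: bytes):
    """Verify the tag over everything, in constant time, before decrypting."""
    body, tag = packet[:-32], packet[-32:]
    if not hmac.compare_digest(hmac.new(mac_key, body, hashlib.sha256).digest(), tag):
        return None
    return open_seq_only(enc_key, expected_seq, body)

def corrupt(packet: bytes, offset: int) -> bytes:
    """Flip the low bit of one byte, standing in for any change in transit."""
    return packet[:offset] + bytes([packet[offset] ^ 0x01]) + packet[offset + 1:]
```

Offset 8 in a packet is the first encrypted payload byte (4-byte header plus 4-byte encrypted sequence number), so corrupting it flips the first character of the decrypted command while the sequence check still passes.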
