[Snort-users] firewall rules modification based on snort logs
mkettler at ...4108...
Wed Jun 11 13:26:11 EDT 2003
At 10:38 PM 6/10/2003 -0500, Frank Knobbe wrote:
>On Tue, 2003-06-10 at 12:55, Matt Kettler wrote:
> > However if you need to split snortsam across a insecure network, make sure
> > to use a SSH tunnel or similar mechanism.
>That still hasn't been fixed yet. However, for usage within your own
>network, this is acceptable imo. If you route through the Internet, use
>an SSH tunnel.
Agreed, which is why I specifically stated that was needed for an
"insecure" network. Of course, "secure" is a relative term, and in some
cases "your" network may be something like a college campus public network,
in which case you may want some heavier protections.
> > Needless to say that doesn't work very well, but AFAIK the
> > feature has been removed. It is however still mentioned in the FAQ in all
> > it's incorrect glory.
>Yeah, rub it in.... if you happen to get really annoyed with this, feel
>free to fix the FAQ and send me a copy.
I'm not really trying to rub it in as much as make sure that people who I
recommend the tool to are aware of the limitations until the docs, etc, are
If I've got spare time someday (yeah, right) I may sit down and update the
FAQ and/or write up a patch for twofish.c, but given my limited free time,
that's unlikely to be anytime soon.
More information about the Snort-users