[Snort-users] firewall rules modification based on snort logs

Matt Kettler mkettler at ...4108...
Wed Jun 11 13:26:11 EDT 2003


At 10:38 PM 6/10/2003 -0500, Frank Knobbe wrote:
>On Tue, 2003-06-10 at 12:55, Matt Kettler wrote:
>
> > However if you need to split snortsam across a insecure network, make sure
> > to use a SSH tunnel or similar mechanism.
>
>That still hasn't been fixed yet. However, for usage within your own
>network, this is acceptable imo. If you route through the Internet, use
>an SSH tunnel.

Agreed, which is why I specifically stated that was needed for an 
"insecure" network. Of course, "secure" is a relative term, and in some 
cases "your" network may be something like a college campus public network, 
in which case you may want some heavier protections.

> >  Needless to say that doesn't work very well, but AFAIK the
> > feature has been removed. It is however still mentioned in the FAQ in all
> > it's incorrect glory.
>
>Yeah, rub it in.... if you happen to get really annoyed with this, feel
>free to fix the FAQ and send me a copy.

I'm not really trying to rub it in as much as make sure that people who I 
recommend the tool to are aware of the limitations until the docs, etc, are 
updated.

If I've got spare time someday (yeah, right) I may sit down and update the 
FAQ and/or write up a patch for twofish.c, but given my limited free time, 
that's unlikely to be anytime soon.





More information about the Snort-users mailing list