[Snort-users] react: block not working
mkettler at ...4108...
Fri Feb 6 08:40:17 EST 2004
At 09:25 AM 2/6/2004, Micheal.Cottingham wrote:
>am doing this for other things such as MSSQL Propagation Attempt, NMAP
>Ping, etc. I especially want to block ICMP Large Packet as the
>TTL's have been modified, and the payload is a bit screwy to say the
>least. MSSQL Propagation Attempt is another big one on my list. I am in a
>pure windows environment and my boss is not favorable of *nix, so hogwash
>is out of the question I'm afraid. snort-inline is also just *nix if I
>am not mistaken, is it not? I am using Snort 2.1. Any help would be
Whoops, sorry, missed the second half...

Really, since Windows doesn't come with a flexible scriptable firewall,
there's little that you can do directly on a Windows box itself.

If you must stick to Windows-only you can buy a copy of CheckPoint FW/1 for
your Windows box and use snortsam.

Although for the money I'd recommend not buying FW/1 and getting a separate
firewall box and have snortsam command that. For the price of FW/1 you
should be able to buy a Cisco PIX or Watchguard Firebox. From what I read
on the net, CheckPoint can be pretty pricey.

Snortsam can handle a variety of firewalls and can run with snort on a
Windows box: