[snort-users] Blocking with a PIX

Hutchinson, Andrew andrew.hutchinson at ...759...
Tue May 11 07:27:03 EDT 2004

The shuns won't show up in the rulebase.  Connect to the pix, get to an
enable prompt, and type 'sh shun' to see if the shuns are being applied.
It should show a list of the current shuns in place.
Andrew Hutchinson - Network Security
Vanderbilt University Medical Center
(615) 936-2856

	-----Original Message-----
	From: snort-users-admin at lists.sourceforge.net
[mailto:snort-users-admin at lists.sourceforge.net] On Behalf Of
d.deboni at ...11639...
	Sent: Tuesday, May 11, 2004 8:45 AM
	To: snort-users at lists.sourceforge.net
	Subject: [snort-users] Blocking with a PIX

	Hi to everyone, 
	I've configured snort with snortsam to block attacks from the
	It worked all perfectly when I tried it on a Cisco Router. 
	But now I need to do that with a Cisco PIX. 
	Here's the snortsam.conf file: 
	When I try to launch both snort and snortsam I see these
messages, and it seems that snortsam is applying the rules on the pix: 
	Checking for existing state file: Present. Reading State 
	Starting to listen for Snort alerts. 
	Accepted connection from 
	Accepted connection from 
	Adding sensor to list. 
	Blocking host <IP> completely for 7200 seconds 
	Accepted connection from 
	Blocking host <IP> completely for 7200 seconds 
	Accepted connection from 
	Blocking host <IP> completely for 7200 seconds 
	and so on... 
	By the way if I look at the Pix configuration there are no rules
	I know that the PIX Plugin use the shun command to block IP, and
if i try it manually on the Pix it works. 
	I've tried to disable telnet for the Snort/Snortsam server on
the Pix to see if Snortsam works anyway. If I do that SnortSam says it
can't connect to Pix. 
	So it seems that SnortSam "works".... 
	Thanks for help 
	Davide De Boni
	Email: d.deboni at ...11639...
	e.Dexter S.P.A.
	C.so Risorgimento 5
	28823 Ghiffa (VB)
	Tel +39.0323.407733
	Fax +39.0323.53558

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20040511/06877e65/attachment.html>

More information about the Snort-users mailing list