NEOHAPSIS - Peace of Mind Through Integrity and Insight

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com

Neohapsis > Archives > Snort IDS> 2002-12

From: ams67 (ams67_at_xtra.co.nz)
Date: Mon Dec 02 2002 - 15:47:01 CST

Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

IMAO IDSs should not interfere with FWs. If I spoof my IP address with
your current, e.g. DNS server and send a forged packet with an attack
signature to your network protected by your IDS/FW integrated system I
can create an easy DoS by stopping legal and operational traffic.
That is really easy to accomplish (e.g. nmap -D your.good.dns.server,
your.good.external.router, etc..).

My 2 cents

Tony

-----Original Message-----
From: snort-users-adminlists.sourceforge.net
[mailto:snort-users-adminlists.sourceforge.net] On Behalf Of Mike
Koponick
Sent: Wednesday, 27 November 2002 6:48 a.m.
To: snort-userslists.sourceforge.net
Subject: [Snort-users] SHUN

Hello,

Does SNORT support adding commands to firewalls? As an example, if I
received a BAD packet, I would like to add a filter based on that
information to my firewall. I understand that SNORT cannot decide which
packets are bad, but I would think we would be able to trace an issue
once
the command has been executed.

Any ideas?

Thanks in advance,

Mike

-------------------------------------------------------
This SF.net email is sponsored by: Get the new Palm Tungsten T
handheld. Power & Color in a compact size!
http://ads.sourceforge.net/cgi-bin/redirect.pl?palm0002en
_______________________________________________
Snort-users mailing list
Snort-userslists.sourceforge.net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]