Snort mailing list archives

Re: firewall rules modification based on snort logs


From: Frank Knobbe <fknobbe () knobbeits com>
Date: 10 Jun 2003 22:38:50 -0500

On Tue, 2003-06-10 at 12:55, Matt Kettler wrote:

> However, if you need to split snortsam across an insecure network, make sure
> to use an SSH tunnel or similar mechanism. It acts by injecting
> configuration commands into your existing firewall, so it works with
> IPTables, instead of alongside it. Older versions of Snortsam tried to use
> encryption without a MAC (only a sequence number) to provide authentication
> and integrity.

That still hasn't been fixed yet. However, for usage within your own
network, this is acceptable imo. If you route through the Internet, use
an SSH tunnel.

The fix for checking a complete packet (as we had discussed earlier) is
still on my to-do list (which gets larger every day). Feel free to
assist with a revised implementation. The change would have to occur in
twofish.c.

> Needless to say that doesn't work very well, but AFAIK the
> feature has been removed. It is however still mentioned in the FAQ in all
> its incorrect glory.

Yeah, rub it in.... if you happen to get really annoyed with this, feel
free to fix the FAQ and send me a copy.

Regards,
Frank
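The weakness Matt describes (a sequence number inside the ciphertext standing in for a MAC) and the fix Frank has on his list (authenticating the complete packet) side by side, as an added Python example that is not SnortSam's code. Twofish is replaced by a constructed SHA-256 counter-mode keystream so the script runs on the standard library alone; the packet layout, the key derivation and the `seal_*`/`open_*` names are assumptions made for the demo.

```python
"""Added example, not SnortSam code: a cipher plus a sequence number gives
confidentiality and replay protection, but not integrity. A MAC computed
over the whole packet does.

The cipher is a constructed keystream (SHA-256 in counter mode) standing in
for Twofish. Packet layout (constructed): 4-byte nonce || E(seq || command)."""
import hashlib
import hmac
import struct

# Placeholder shared secret for the demo; derive() splits it into
# independent encryption and authentication keys.
SHARED_SECRET = b"constructed-demo-secret"
TAG_LEN = 32  # HMAC-SHA256 output length


def derive(secret: bytes, purpose: bytes) -> bytes:
    """Derive independent keys for encryption and authentication."""
    return hashlib.sha256(secret + b"|" + purpose).digest()


def keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Constructed counter-mode keystream; illustration only."""
    out = b""
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(key + nonce + struct.pack(">I", counter)).digest()
        counter += 1
    return out[:length]


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def seal_seq_only(secret: bytes, seq: int, command: bytes) -> bytes:
    """Old-style packet: encrypt (seq || command), no MAC."""
    nonce = struct.pack(">I", seq)
    plaintext = nonce + command
    ks = keystream(derive(secret, b"enc"), nonce, len(plaintext))
    return nonce + xor(plaintext, ks)


def open_seq_only(secret: bytes, packet: bytes, expected_seq: int):
    """Receiver whose only check is the decrypted sequence number.
    Returns the command, or None when the sequence number mismatches."""
    nonce, body = packet[:4], packet[4:]
    plaintext = xor(body, keystream(derive(secret, b"enc"), nonce, len(body)))
    if struct.unpack(">I", plaintext[:4])[0] != expected_seq:
        return None
    return plaintext[4:]


def seal_with_mac(secret: bytes, seq: int, command: bytes) -> bytes:
    """Encrypt-then-MAC: HMAC-SHA256 over the complete encrypted packet."""
    packet = seal_seq_only(secret, seq, command)
    tag = hmac.new(derive(secret, b"mac"), packet, hashlib.sha256).digest()
    return packet + tag


def open_with_mac(secret: bytes, packet: bytes, expected_seq: int):
    """Verify the tag over the whole packet before decrypting anything."""
    body, tag = packet[:-TAG_LEN], packet[-TAG_LEN:]
    expected = hmac.new(derive(secret, b"mac"), body, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, tag):
        return None  # modified or corrupted in transit: reject
    return open_seq_only(secret, body, expected_seq)


def demo():
    """Alter one ciphertext byte of a block command and compare receivers."""
    command = b"block 10.0.0.5"  # constructed command, not SnortSam syntax
    seq = 7
    # Command byte i sits at packet offset 4 (nonce) + 4 (seq) + i.
    offset = 8 + command.index(b"5")
    delta = ord("5") ^ ord("9")  # stream ciphers are malleable: 5 -> 9

    plain = bytearray(seal_seq_only(SHARED_SECRET, seq, command))
    plain[offset] ^= delta
    accepted = open_seq_only(SHARED_SECRET, bytes(plain), seq)

    tagged = bytearray(seal_with_mac(SHARED_SECRET, seq, command))
    tagged[offset] ^= delta
    rejected = open_with_mac(SHARED_SECRET, bytes(tagged), seq)

    return {
        "seq_only_result": accepted,  # b"block 10.0.0.9": wrong host, accepted
        "mac_result": rejected,       # None: the change is detected
    }


if __name__ == "__main__":
    print(demo())
```

The sequence-number receiver accepts the altered packet because the sequence field still decrypts correctly; nothing ties the rest of the ciphertext to it. The MAC receiver checks the tag over every byte of the packet first, so a one-byte change anywhere is rejected before decryption. Using distinct derived keys for the cipher and the HMAC, and `hmac.compare_digest` for the comparison, are the two details most often skipped when a MAC is retrofitted.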
