Snort mailing list archives
Re: firewall rules modification based on snort logs
From: Matt Kettler <mkettler () evi-inc com>
Date: Wed, 11 Jun 2003 16:23:51 -0400
At 10:38 PM 6/10/2003 -0500, Frank Knobbe wrote:
On Tue, 2003-06-10 at 12:55, Matt Kettler wrote: > However if you need to split snortsam across a insecure network, make sure > to use a SSH tunnel or similar mechanism. That still hasn't been fixed yet. However, for usage within your own network, this is acceptable imo. If you route through the Internet, use an SSH tunnel.
Agreed, which is why I specifically stated that was needed for an "insecure" network. Of course, "secure" is a relative term, and in some cases "your" network may be something like a college campus public network, in which case you may want some heavier protections.
> Needless to say that doesn't work very well, but AFAIK the > feature has been removed. It is however still mentioned in the FAQ in all > it's incorrect glory. Yeah, rub it in.... if you happen to get really annoyed with this, feel free to fix the FAQ and send me a copy.
I'm not really trying to rub it in as much as make sure that people who I recommend the tool to are aware of the limitations until the docs, etc, are updated.
If I've got spare time someday (yeah, right) I may sit down and update the FAQ and/or write up a patch for twofish.c, but given my limited free time, that's unlikely to be anytime soon.
------------------------------------------------------- This SF.NET email is sponsored by: eBay Great deals on office technology -- on eBay now! Click here: http://adfarm.mediaplex.com/ad/ck/711-11697-6916-5 _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- firewall rules modification based on snort logs Gaurav Kumar (Jun 10)
- Re: firewall rules modification based on snort logs Matt Kettler (Jun 10)
- Re: firewall rules modification based on snort logs Frank Knobbe (Jun 10)
- many 'NETBIOS SMB SMB_COM_TRANSACTION Max Data Count of 0 DOS Attempt' Ciprian Badescu (Jun 11)
- Re: firewall rules modification based on snort logs Matt Kettler (Jun 11)
- Re: firewall rules modification based on snort logs Frank Knobbe (Jun 10)
- <Possible follow-ups>
- RE: firewall rules modification based on snort logs John Hally (Jun 10)
- Re: firewall rules modification based on snort logs Matt Kettler (Jun 10)