RE: Hogwash for Windows

["Lars Troen" <Lars.Troen () proxycom no>]

> The best you can do is to get snortsam to talk to checkpoint 
> firewall-1, 
> which is a commercial software firewall which runs on windows.

Well... It's not limited to fw-1. Snortsam now supports fw1, pix, cisco routers, netscreen, ipf, pf, ipchains and 
more... These doesn't support win32 (except fw1), but might be somewhat likely that you're having a cisco router as 
your internet router.

> This is similar to hogwash, but runs slightly-less realtime, 
> and costs $ 
> for a copy of firewall-1. I'd also advise doing some 
> searching for bugtraq 
> posts on firewall-1 and compare it to the number about other 
> firewalls 
> prior to buying it. I'm not sure if it's better or not, but 
> certainly worth 
> doing some minimal research prior to spending money on it.

Firewall-1 can also function similarly as hogwash do by itself now. With it's "Application Intelligence" and 
SmartDefense functionality (available in FP3 and FP4) you can define your own regex strings that triggers the firewall. 
Some default rules for CodeRed, Nimda etc are included and you can subscribe to updates from checkpoint for some $. 

Lars


-------------------------------------------------------
This SF.Net email sponsored by: Parasoft
Error proof Web apps, automate testing & more.
Download & eval WebKing and get a free book.
www.parasoft.com/bulletproofapps
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users