Snort mailing list archives
Re: Blocking attacking IP address for some time using Snort and PIX
From: Frank Knobbe <frank () knobbe us>
Date: Thu, 02 Oct 2003 19:13:00 -0500
On Thu, 2003-10-02 at 18:49, kanwal jeet wrote:
I have Pix firewall and i want IDS to instruct the PIX firewall to drop all traffic coming from the source IP of the attacker and then remove the ban after a period of time has expired. Is it possible with snort ? i know it is possible with Cisco IDS. Can i accomplish the same with Snort ?
This is possible with the Snortsam plugin. See http://www.snortsam.net for more information. Be aware though that there is an issue in the PIX plugin that affects some people but not others. In my tests it worked fine, but some folks reported timeout issues. No one has been able to put a finger on it yet. It may work for you, or not. Please let us know in discussion () snortsam net, or at least in an email to me. Regards, Frank
Attachment:
signature.asc
Description: This is a digitally signed message part
Current thread:
- Blocking attacking IP address for some time using Snort and PIX kanwal jeet (Oct 02)
- Re: Blocking attacking IP address for some time using Snort and PIX Matt Kettler (Oct 02)
- Re: Blocking attacking IP address for some time using Snort and PIX Frank Knobbe (Oct 04)
- Re: Blocking attacking IP address for some time using Snort and PIX kanwal jeet (Oct 02)