Menu
▾
▴
Re: [Devil-Linux-discuss] Snort and IPTables
|
From: Heiko Z. <he...@zu...> - 2010-03-03 01:10:16
|
Brad, Neither of those tools are included in DL. Here's the reason behind not including these tools: Having snort automatically block a suspected intruder, makes you very vulnerable to a DOS attack. Imagine an attacker who spoofs the source IP of the attack to be i.e. your DNS providers IPs or the IP of the next hop.. Heiko From: Bradlee Landis [mailto:bra...@gm...] Sent: Tuesday, March 02, 2010 1:25 PM To: dev...@li... Subject: [Devil-Linux-discuss] Snort and IPTables I noticed that snort is installed on DL, but I can't seem to find a way to connect it to a firewall rule. I'm on 1.4RC1. Something like fwsnort - http://www.cipherdyne.org/fwsnort/ , or snort-inline (http://snort-inline.sourceforge.net/). Are either of these, or an alternative program installed that I am just missing, or is snort not installed for that purpose on DL? Thanks, Brad Landis |
