From: Bradlee L. <bra...@gm...> - 2010-03-03 05:22:23
But snort doesn't do permanent block, does it? It would just block the packets that are detected as vulnerabilities from what I thought. Anyways, I would think they would be included to at least provide a choice. Now, if there is an article showing that this is really a bad idea, I could justify the reasoning a little better, but a lot of these programs exist and I have not seen such documentation.

Thanks,
Brad Landis

On Tue, Mar 2, 2010 at 6:43 PM, Heiko Zuerker <he...@zu...> wrote:
> Brad,
>
> Neither of those tools are included in DL.
>
> Here’s the reason behind not including these tools:
>
> Having snort automatically block a suspected intruder, makes you very
> vulnerable to a DOS attack.
>
> Imagine an attacker who spoofs the source IP of the attack to be i.e. your
> DNS providers IPs or the IP of the next hop….
>
> Heiko
>
> *From:* Bradlee Landis [mailto:bra...@gm...]
> *Sent:* Tuesday, March 02, 2010 1:25 PM
> *To:* dev...@li...
> *Subject:* [Devil-Linux-discuss] Snort and IPTables
>
> I noticed that snort is installed on DL, but I can't seem to find a way to
> connect it to a firewall rule. I'm on 1.4RC1.
>
> Something like fwsnort - http://www.cipherdyne.org/fwsnort/ , or
> snort-inline (http://snort-inline.sourceforge.net/). Are either of these,
> or an alternative program installed that I am just missing, or is snort not
> installed for that purpose on DL?
>
> Thanks,
> Brad Landis
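
The two concerns in this thread (spoofed sources causing a self-inflicted DoS, and permanent blocks) can be shown as a block-planning filter placed between IDS alerts and the firewall. This is an added example, not part of the original messages and not Devil-Linux, fwsnort or snort-inline code; the function name, the never-block list, the 600-second TTL and all addresses are assumptions constructed for illustration.

```python
import ipaddress

# Constructed sample values (documentation address ranges), not from the thread.
NEVER_BLOCK = ["192.0.2.53/32",   # assumed DNS resolver
               "192.0.2.1/32",    # assumed next-hop gateway
               "10.0.0.0/8"]      # assumed internal network
ALERTS = [                        # (epoch seconds, source IP reported by the IDS)
    (1000, "198.51.100.7"),
    (1005, "192.0.2.53"),         # source spoofed to look like the DNS resolver
    (1010, "198.51.100.7"),       # repeat alert for an already blocked source
    (1020, "not-an-ip"),          # malformed field
    (1700, "203.0.113.9"),
]

def plan_blocks(alerts, never_block, ttl=600):
    """Return (actions, skipped); actions are (time, iptables command) pairs."""
    protected = [ipaddress.ip_network(n) for n in never_block]
    active, actions, skipped = {}, [], []   # active maps ip -> expiry time

    def expire(until):
        # Emit a delete rule for every block whose TTL ran out: no permanent blocks.
        for ip, expiry in sorted(active.items(), key=lambda kv: kv[1]):
            if until is None or expiry <= until:
                actions.append((expiry, f"iptables -D INPUT -s {ip} -j DROP"))
                del active[ip]

    for ts, raw in sorted(alerts):
        expire(ts)
        try:
            ip = ipaddress.ip_address(raw)
        except ValueError:
            skipped.append((raw, "malformed"))
            continue
        if any(ip in net for net in protected):
            # A spoofed alert must never cut off DNS, the gateway or the LAN.
            skipped.append((raw, "protected"))
            continue
        if str(ip) not in active:
            actions.append((ts, f"iptables -I INPUT -s {ip} -j DROP"))
        active[str(ip)] = ts + ttl          # new block, or extend an existing one
    expire(None)                            # schedule removal of remaining blocks
    return actions, skipped
```

A never-block list and a TTL limit the damage but do not remove the risk described above: a spoofed source can still be any address that is not on the list.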