From: Heiko Z. <he...@zu...> - 2010-03-03 12:43:19
I'm sure there's some documentation on this out there somewhere.... ;-)
You can always add a feature request in our bug tracker or send in a patch.

Heiko

Quoting Bradlee Landis <bra...@gm...>:

> But snort doesn't do permanent block, does it? It would just block the packets that are detected as vulnerabilities from what I thought.
>
> Anyways, I would think they would be included to at least provide a choice. Now, if there is an article showing that this is really a bad idea, I could justify the reasoning a little better, but a lot of these programs exist and I have not seen such documentation.
>
> Thanks,
> Brad Landis
>
> On Tue, Mar 2, 2010 at 6:43 PM, Heiko Zuerker <he...@zu...> wrote:
> >
> > Brad,
> >
> > Neither of those tools are included in DL.
> >
> > Here's the reason behind not including these tools:
> >
> > Having snort automatically block a suspected intruder, makes you very vulnerable to a DOS attack.
> >
> > Imagine an attacker who spoofs the source IP of the attack to be i.e. your DNS providers IPs or the IP of the next hop....
> >
> > Heiko
> >
> > FROM: Bradlee Landis [mailto:bra...@gm...]
> > SENT: Tuesday, March 02, 2010 1:25 PM
> > TO: dev...@li...
> > SUBJECT: [Devil-Linux-discuss] Snort and IPTables
> >
> > I noticed that snort is installed on DL, but I can't seem to find a way to connect it to a firewall rule. I'm on 1.4RC1.
> >
> > Something like fwsnort - http://www.cipherdyne.org/fwsnort/ , or snort-inline (http://snort-inline.sourceforge.net/). Are either of these, or an alternative program installed that I am just missing, or is snort not installed for that purpose on DL?
> >
> > Thanks,
> > Brad Landis

--
Regards
Heiko Zuerker
http://www.devil-linux.org
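The failure mode raised in this thread, where alerts carrying a spoofed source address make an automatic blocker cut off your own DNS resolver or next hop, can be bounded with a never-block list and expiring blocks. The sketch below is an added example, not code from the thread or from Devil-Linux; the addresses (RFC 5737 documentation ranges), the alert tuples, and the function names are constructed for illustration.

```python
import ipaddress

# Assumed critical peers that an automatic blocker must never drop (constructed values).
NEVER_BLOCK = [ipaddress.ip_network(n) for n in (
    "192.0.2.53/32",    # assumed upstream DNS resolver
    "192.0.2.1/32",     # assumed next-hop gateway
    "198.51.100.0/24",  # assumed management network
)]
BLOCK_SECONDS = 600     # blocks expire; nothing is blocked permanently

# Constructed alerts: (epoch seconds, source IP as claimed by the packet, signature)
ALERTS = [
    (1000, "203.0.113.7", "sample web signature"),
    (1005, "192.0.2.53",  "sample web signature"),   # source spoofed as the resolver
    (1010, "192.0.2.1",   "sample scan signature"),  # source spoofed as the next hop
    (1020, "203.0.113.7", "sample scan signature"),  # repeat offender, refreshes expiry
    (1030, "not-an-ip",   "sample scan signature"),  # malformed field in the alert
]

def decide(alerts, never_block=NEVER_BLOCK, ttl=BLOCK_SECONDS):
    """Return (blocks, refused).

    blocks maps source IP -> expiry time; refused lists (source, reason)
    for alerts that must not turn into a firewall rule.
    """
    blocks, refused = {}, []
    for ts, src, _sig in alerts:
        try:
            ip = ipaddress.ip_address(src)
        except ValueError:
            refused.append((src, "malformed"))
            continue
        if any(ip in net for net in never_block):
            # Log for a human instead of blocking: the source may be forged.
            refused.append((src, "protected"))
            continue
        blocks[str(ip)] = ts + ttl  # a repeat alert extends the temporary block
    return blocks, refused

def active(blocks, now):
    """Sources whose block has not yet expired at time `now`."""
    return sorted(ip for ip, expiry in blocks.items() if expiry > now)

if __name__ == "__main__":
    blocks, refused = decide(ALERTS)
    print("block until:", blocks)
    print("refused:", refused)
```

The never-block list only protects the peers it names; a forged source outside it is still blocked, which is why the expiry matters.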