Name             Modified    Size     Downloads / Week
toot_readme.txt  2011-02-24  2.0 kB
toot             2011-02-24  10.8 kB
Totals: 2 Items              12.8 kB  0
Toot ReadMe v1 by Dan Martin 2010, 360 Analytics Limited, http://www.360analytics.co.uk, dan at 360 analytics dot co dot uk

Firstly, toot is not one of the three tools.  It's the test version, hence: T(est)OOT

I just cut and pasted from choot into nwoot to make toot!!

Don't use it! ;-)

For better thought out stuff see the woot, nwoot, 'n' choot scripts.... not much better though

TOOT is based on nwoot, simply because it deals with the deepest policy hash, but instead of just writing ScreenOS 6 commands it writes DBEDIT and Cisco ACLs as well (ok well, maybe not Cisco ACLs at the moment but it would be easy enough to cut and paste and add :).

The DBEDIT policies could be plenty better but this is the test version so what the hell.

It also has a mode to subnet every IP it sees to its /24 and build a policy using those instead but I REALLY REALLY wouldn't recommend using it for anything except maybe, in a test situation on your hamster's ifeeder link (assuming you have a Netscreen there) because it will build HIGHLY INSECURE policies.

The only real use I've found for making /24 policies is to make some attempt at dealing with highly noisy MS networks that use high ports everywhere!!  It groups networks that are using similar high ports... in some cases, but being as it was easy I stuck it in.

See the other readmes for info or download the WooterWoot.zip file and also get two pretty logos WOOT... err I mean TOOT!!!


FOR SUBNET /24 POLICIES RUN:

./toot Netscreen.log SUBNET24 filter1 filter2	- for a policy all subnetted to /24 - named hosts are retained.
In ScreenOS format

./toot Netscreen.log SUBCSV24 filter1 filter2	- for a policy all subnetted to /24 - named hosts are retained.
In CSV format
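
To show why the /24 mode yields policies far wider than the logged traffic, this added example (Python, not part of toot and not how toot itself is implemented) builds rules from the same flows per host and per /24, keeping named hosts as single addresses, and measures what each rule set permits. The flow list, the named-host table and every function name are assumptions made for illustration.

```python
import ipaddress

# Constructed sample flows (src, dst, dst_port); not from a real firewall log.
FLOWS = [
    ("10.1.1.10", "192.168.5.20", 443),
    ("10.1.1.11", "192.168.5.20", 443),
    ("10.1.2.7", "192.168.5.21", 443),
    ("10.1.1.10", "192.168.9.5", 49152),
]
# Constructed named-host table: named hosts stay single addresses.
NAMED = {"192.168.9.5": "dc01"}


def to_net(ip, subnet24):
    """Network object a rule would use for this logged address."""
    if subnet24 and ip not in NAMED:
        return ipaddress.ip_network(ip + "/24", strict=False)
    return ipaddress.ip_network(ip + "/32")


def build_rules(flows, subnet24=False):
    """Collapse flows into unique (src_net, dst_net, port) rules."""
    return sorted({(to_net(s, subnet24), to_net(d, subnet24), p)
                   for s, d, p in flows})


def exposure(rules):
    """Sum of src x dst address pairs per rule (overlaps counted per rule)."""
    return sum(s.num_addresses * d.num_addresses for s, d, _ in rules)


def allows(rules, src, dst, port):
    """True if any rule permits this connection."""
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    return any(src in s and dst in d and port == p for s, d, p in rules)


if __name__ == "__main__":
    for label, flag in (("per-host", False), ("/24", True)):
        rules = build_rules(FLOWS, subnet24=flag)
        print(f"{label}: {len(rules)} rules, {exposure(rules)} address pairs")
        for s, d, p in rules:
            print(f"  permit {s} -> {d} port {p}")
        # A source/destination pair that never appeared in the log.
        print("  unseen 10.1.1.200 -> 192.168.5.99:443 allowed:",
              allows(rules, "10.1.1.200", "192.168.5.99", 443))
```

On this constructed sample the per-host policy permits 4 address pairs and the /24 policy 131328, including pairs that never appeared in the log.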

FOR DBEDIT POLICIES RUN:

./toot Netscreen.log DBEDIT filter1 filter2	- for a policy written in dbedit.


The rest of the commands are the same as nwoot, see the readme.

This is the readme for TOOT!!  Check out WOOT, NWOOT, n CHOOT... if the names don't put you off

Source: toot_readme.txt, updated 2011-02-24