RE: [FW1] Snort and FW-1 .. feasible?
> -----Original Message-----
> From: Imre Kertesz [mailto:[email protected]]
> Sent: Wednesday, December 13, 2000 11:04 AM
>
> I am interested in the process by which intrusion detection
> products such as RealSecure dynamically push rules to FW-1. I want
> to use other intrusion detection apps, such as Snort, to work with
> FW-1 in the same capacity. I assume that this will involve getting
> the interface API and coding some custom linking apps. Is there an
> easier way to do this?

I have written a couple batch files under the Win32 port that monitor the alert.log file of Snort, connect to the FW management station, and call the SAM to block the offender on the firewall module(s) specified.

It currently has a ~3 second delay between detection and block. I'm planning to make use of the new (under the Win32 port) syslog feature to get a faster response.

Email me offline if you are interested.

Regards,
Frank

================================================================================
To unsubscribe from this mailing list, please see the instructions at
http://www.checkpoint.com/services/mailing.html
================================================================================
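The monitor-and-block step described in the reply above, as an added Python example (it is not Frank's batch files, which are not on the page). It assumes alert lines that carry a `src[:port] -> dst[:port]` flow, a `fw sam -s <server> -t <seconds> -i src <ip>` invocation, a hypothetical management host name, and a site-chosen never-block list and expiry, because alert source addresses can be spoofed to get legitimate hosts blocked.

```python
import ipaddress
import re

# Matches the "src[:port] -> dst[:port]" part of a Snort alert line.
FLOW = re.compile(
    r"(?<![\d.])(\d{1,3}(?:\.\d{1,3}){3})(?::\d+)?\s+->\s+\d{1,3}(?:\.\d{1,3}){3}")

# Assumed site policy: addresses that must never be blocked (own network, resolver).
NEVER_BLOCK = [ipaddress.ip_network(n) for n in ("192.0.2.0/24", "198.51.100.53/32")]
BLOCK_SECONDS = 600                 # assumed expiry so a bad block removes itself
MGMT_HOST = "fwmgmt.example.net"    # hypothetical management station name


def source_of(line):
    """Return the alert's source address, or None if the line has no valid flow."""
    m = FLOW.search(line)
    if not m:
        return None
    try:
        return ipaddress.ip_address(m.group(1))
    except ValueError:              # damaged line, e.g. an octet above 255
        return None


def plan_blocks(lines, already_blocked=()):
    """Return one SAM command (argv list) per new, blockable source address."""
    seen = {ipaddress.ip_address(a) for a in already_blocked}
    commands = []
    for line in lines:
        src = source_of(line)
        if src is None or src in seen:
            continue                # unparsable, or a block is already in place
        if any(src in net for net in NEVER_BLOCK):
            continue                # possibly spoofed: never act on these
        seen.add(src)
        commands.append(["fw", "sam", "-s", MGMT_HOST, "-t", str(BLOCK_SECONDS),
                         "-i", "src", str(src)])
    return commands


# Constructed sample alerts using documentation address ranges, not real log data.
SAMPLE = [
    "12/13-11:04:05.120000 [**] constructed: port scan [**] {TCP} 203.0.113.7:4321 -> 192.0.2.10:80",
    "12/13-11:04:05.480000 [**] constructed: port scan [**] {TCP} 203.0.113.7:4322 -> 192.0.2.10:81",
    "12/13-11:04:07.000000 [**] constructed: odd DNS reply [**] {UDP} 198.51.100.53:53 -> 192.0.2.10:1044",
    "12/13-11:04:08.000000 [**] constructed: large ping [**] {ICMP} 203.0.113.99 -> 192.0.2.10",
    "12/13-11:04:09.000000 [**] constructed: outbound telnet [**] {TCP} 192.0.2.44:1025 -> 203.0.113.7:23",
    "12/13-11:04:10.000000 [**] constructed: damaged line [**] {TCP} 999.0.113.7:80 -> 192.0.2.10:80",
]

if __name__ == "__main__":
    for argv in plan_blocks(SAMPLE):
        print(" ".join(argv))
```

The commands are returned as argument lists so a caller can pass them to a process launcher without a shell interpreting text taken from the log.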