Friday, December 7

Snort question from the Mailbag

I got this email today in the mailbag:

"I have configured and am running Snort for NIDS (network intrusion detection system). When I make DDoS attack simulations, Snort can detect the attack and raise an alert. On the other side there is a gateway which contains a general firewall. My purpose is that when Snort raises an alert, this can make the gateway computer apply the firewall. Would you like to give me solutions for that?
Thank you very much."

What I think this person is asking is, "How can I get Snort to automatically update my firewall based on its alerts?"

Well, there are several answers to the question, the most reliable answer being: "Buy a Sourcefire 3D system." Not only do you get the ability to do that, but you get SO much more.
The second answer to the question is, "Use SnortSAM." SnortSAM is a project started (I believe) by Frank Knobbe.

I've never used SnortSAM, so I can't say good or bad about it, but YMMV.

