You might also want to have a look at snort_inline from the HoneyNet
project.

Katriel

On Tue, Jul 01, 2003 at 02:46:07AM +0200, Tzahi Fadida wrote:
> check out Hogwash at http://hogwash.sourceforge.net/
> never tried it, but it is a nice idea.
> 
> * - * - *
> Tzahi Fadida
> [EMAIL PROTECTED]
> Technion Email: [EMAIL PROTECTED]
> * - * - * - * - * - * - * - * - * - *
> 
> WARNING TO SPAMMERS:  see at http://members.lycos.co.uk/my2nis/spamwarning.html
> 
> > -----Original Message-----
> > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Mycroft
> > Sent: Tuesday, July 01, 2003 1:14 AM
> > To: [EMAIL PROTECTED]
> > Subject: Snort - iptables addon
> > 
> > 
> > Hello,
> > Have anyone heard of/used an snort add-on that could manage iptables firewall 
> > in responce to a specific network events...like portscans or DOS attacks?
> > I know once it's detected, snort is capable of blocking it, but i was looking 
> > for more low-level approach to this issue, stopping the packets cold on IP 
> > level. I know i can use psad for such things, but again, i am looking for an 
> > add-on, not a second IDS...which i would have to cripple in order to let them 
> > live together. Googling for an answer doesn't help much.
> > -- 
> > Sincerely Yours,
> > Vasiliev Michael
> > 
> > NP: XMMS is not loaded.
> > 
> > 
> > =================================================================
> > To unsubscribe, send mail to [EMAIL PROTECTED] with
> > the word "unsubscribe" in the message body, e.g., run the command
> > echo unsubscribe | mail [EMAIL PROTECTED]
> > 
> > 
> > 
> > 
> 
> 
> =================================================================
> To unsubscribe, send mail to [EMAIL PROTECTED] with
> the word "unsubscribe" in the message body, e.g., run the command
> echo unsubscribe | mail [EMAIL PROTECTED]

=================================================================
To unsubscribe, send mail to [EMAIL PROTECTED] with
the word "unsubscribe" in the message body, e.g., run the command
echo unsubscribe | mail [EMAIL PROTECTED]

Reply via email to