Hi,
Just stumbled across SnortSam, which is a plugin for Snort that allows for automated blocking
of IP addresses on many firewalls including ipfw2 and pf.
http://www.snortsam.net
SnortSam consists of two pieces -- the output plugin within Snort and an intelligent agent
that runs on the firewall, or a host near the firewall. The agent provides a variety of
capabilities that go beyond other automated blocking mechanisms, such as:
* White-list support of IP addresses that will never be blocked.
* Time-override list.
* Flexible, per rule blocking specification, including rule dependent blocking time interval.
* Misuse/Attack detection engine (including roll-back support) that attempts to mitigate the risk of a self-inflicted Denial-Of-Service in the IDS-Firewall integration.
* Repetitive (same IP) block prevention with customizable window to improve performance.
* TwoFish encrypted communication between Snort and the SnortSam agent.
* True OPSEC support using the Checkpoint SDK (opsec plugin).
* Block tracking and block expiration for firewalls that don't support timeouts.
* Multi-threading for faster processing and simultaneous block on multiple devices.
* File logging and email notification of events.
* ... and finally, using the client/server (snort/snortsam) architecture to build large, distributed
raj