Michael W Cocke
2005-Mar-29 17:37 UTC
Shorewall and an inline IDS (snort-inline or hogwash)
Is anyone using an inline IDS like hogwash or snort-inline to drop packets in a system running shoreline? I _think_ I see how to configure it, but I''d be really interested in finding a howto or something... Thanks! Mike- -- Mornings: Evolution in action. Only the grumpy will survive. -- Please note - Due to the intense volume of spam, we have installed site-wide spam filters at catherders.com. If email from you bounces, try non-HTML, non-encoded, non-attachments.
mynullvoid
2005-Mar-30 03:33 UTC
Re: Shorewall and an inline IDS (snort-inline or hogwash)
If I am not mistaken snort-inline is already in snort 2.3.2 --- Michael W Cocke <cocke@catherders.com> wrote:> Is anyone using an inline IDS like hogwash or > snort-inline to drop > packets in a system running shoreline? I _think_ I > see how to > configure it, but I''d be really interested in > finding a howto or > something... > > Thanks! > > Mike- > > -- > Mornings: Evolution in action. Only the grumpy > will survive. > -- > > Please note - Due to the intense volume of spam, we > have installed site-wide spam > filters at catherders.com. If email from you > bounces, try non-HTML, non-encoded, > non-attachments. > _______________________________________________ > Shorewall-users mailing list > Post: Shorewall-users@lists.shorewall.net > Subscribe/Unsubscribe: >https://lists.shorewall.net/mailman/listinfo/shorewall-users> Support: http://www.shorewall.net/support.htm > FAQ: http://www.shorewall.net/FAQ.htm >__________________________________ Do you Yahoo!? Yahoo! Small Business - Try our new resources site! http://smallbusiness.yahoo.com/resources/
Michael W Cocke
2005-Mar-30 16:15 UTC
Re: Shorewall and an inline IDS (snort-inline or hogwash)
On Tue, 29 Mar 2005 19:33:51 -0800 (PST), you wrote:>If I am not mistaken snort-inline is already in snort >2.3.2The executable isn''t and the online snort docs don''t mention anything about the capability. I''ve got Snort running now in tandem with Shorewall 2.2, but I''m VERY interested in adding the ''drop packet'' capability. As I read the docs, since Shorewall is essentially using iptables, it should be doable, but I was hoping to find some more info. Guess I''ll hack around with it tomorrow and see if I let the smoke out. Mike-> > >--- Michael W Cocke <cocke@catherders.com> wrote: >> Is anyone using an inline IDS like hogwash or >> snort-inline to drop >> packets in a system running shoreline? I _think_ I >> see how to >> configure it, but I''d be really interested in >> finding a howto or >> something... >> >> Thanks! >> >> Mike- >> >> -- >> Mornings: Evolution in action. Only the grumpy >> will survive. >> -- >> >> Please note - Due to the intense volume of spam, we >> have installed site-wide spam >> filters at catherders.com. If email from you >> bounces, try non-HTML, non-encoded, >> non-attachments. >> _______________________________________________ >> Shorewall-users mailing list >> Post: Shorewall-users@lists.shorewall.net >> Subscribe/Unsubscribe: >> >https://lists.shorewall.net/mailman/listinfo/shorewall-users >> Support: http://www.shorewall.net/support.htm >> FAQ: http://www.shorewall.net/FAQ.htm >> > > > >__________________________________ >Do you Yahoo!? >Yahoo! Small Business - Try our new resources site! >http://smallbusiness.yahoo.com/resources/ >_______________________________________________ >Shorewall-users mailing list >Post: Shorewall-users@lists.shorewall.net >Subscribe/Unsubscribe: https://lists.shorewall.net/mailman/listinfo/shorewall-users >Support: http://www.shorewall.net/support.htm >FAQ: http://www.shorewall.net/FAQ.htm-- Mornings: Evolution in action. Only the grumpy will survive. -- Please note - Due to the intense volume of spam, we have installed site-wide spam filters at catherders.com. If email from you bounces, try non-HTML, non-encoded, non-attachments.
Jaime Nebrera
2005-Mar-30 16:31 UTC
Re: Shorewall and an inline IDS (snort-inline or hogwash)
Hi Mike,> I''ve got Snort running now in tandem with Shorewall 2.2, but I''m VERY > interested in adding the ''drop packet capability. As I read the docs, > since Shorewall is essentially using iptables, it should be doable, > but I was hoping to find some more info. Guess I''ll hack around with > it tomorrow and see if I let the smoke out.Do you have snort inline working with shorewall? We are very interested in that solution, could you provide a little howto? :) Or you just have Snort AND shorewall but not working together :( Regards -- Jaime Nebrera - jnebrera@eneotecnologia.com Consultor TI - ENEO Tecnologia SL Telf.- 95 455 40 62 - 619 04 55 18
Michael W Cocke
2005-Mar-30 16:50 UTC
Re: Shorewall and an inline IDS (snort-inline or hogwash)
On Wed, 30 Mar 2005 18:31:40 +0200, you wrote:> Hi Mike, > >> I''ve got Snort running now in tandem with Shorewall 2.2, but I''m VERY >> interested in adding the ''drop packet capability. As I read the docs, >> since Shorewall is essentially using iptables, it should be doable, >> but I was hoping to find some more info. Guess I''ll hack around with >> it tomorrow and see if I let the smoke out. > > Do you have snort inline working with shorewall? We are very >interested in that solution, could you provide a little howto? :) > > Or you just have Snort AND shorewall but not working together :( > > RegardsThe latter. I see (later in this thread) that Tom has just added the necessary capability to Shorewall, so I''m very happy I subscribed to this list! $DIETY knows how much time I would have wasted fooling around. Mike- -- Mornings: Evolution in action. Only the grumpy will survive. -- Please note - Due to the intense volume of spam, we have installed site-wide spam filters at catherders.com. If email from you bounces, try non-HTML, non-encoded, non-attachments.