Can somebody tell, if I can drop packet with snort? Ou I just log and alert? If I can, how I do this? Thanks ... regards! -- #=============================# # Rodrigo Ribeiro Montoro # # Network Services Center # # rodrigo@nscenter.com.br # # Sao Paulo - SP - Brazil # #=============================#
Can somebody tell, if I can drop packet with snort? Ou I just log and alert? If I can, how I do this?
Snort is a packet logger and sniffer. Generally you can't make snort block traffic. But there is an enhancement for snort you can make ipchains an active firewall. It's name is Guardian and can be downloaded on www.snort.org. I think it has the functionality you need. It runs on snort v. 1.6.x HTH Philipp
Thanks ... regards! -- #=============================# # Rodrigo Ribeiro Montoro # # Network Services Center # # rodrigo@nscenter.com.br # # Sao Paulo - SP - Brazil # #=============================#
-- To unsubscribe, e-mail: suse-security-unsubscribe@suse.com For additional commands, e-mail: suse-security-help@suse.com
Thanks Philipp, it was what I was looking for. I already take it, but I have snort 1.7? can I use? Because I didn't find any text about this. Regards and Thanks .... Philipp Snizek wrote:
Can somebody tell, if I can drop packet with snort? Ou I just log and alert? If I can, how I do this?
Snort is a packet logger and sniffer. Generally you can't make snort block traffic. But there is an enhancement for snort you can make ipchains an active firewall. It's name is Guardian and can be downloaded on www.snort.org. I think it has the functionality you need. It runs on snort v. 1.6.x
HTH Philipp
Thanks ... regards! -- #=============================# # Rodrigo Ribeiro Montoro # # Network Services Center # # rodrigo@nscenter.com.br # # Sao Paulo - SP - Brazil # #=============================#
-- To unsubscribe, e-mail: suse-security-unsubscribe@suse.com For additional commands, e-mail: suse-security-help@suse.com
-- #=============================# # Rodrigo Ribeiro Montoro # # Network Services Center # # rodrigo@nscenter.com.br # # http://www.nscenter.com.br # # Tel:(11)3271-0909 # # Cel:(11)9771-0133 # # Sao Paulo - SP # #=============================#
Sp0oKeR Post this on the Snort list. They will be able to help you. snort-users@lists.sourceforge.net Sp0oKeR wrote:
Thanks Philipp, it was what I was looking for. I already take it, but I have snort 1.7? can I use? Because I didn't find any text about this.
Regards and Thanks ....
Philipp Snizek wrote:
Can somebody tell, if I can drop packet with snort? Ou I just log and alert? If I can, how I do this?
Snort is a packet logger and sniffer. Generally you can't make snort block traffic. But there is an enhancement for snort you can make ipchains an active firewall. It's name is Guardian and can be downloaded on www.snort.org. I think it has the functionality you need. It runs on snort v. 1.6.x
HTH Philipp
Thanks ... regards! -- #=============================# # Rodrigo Ribeiro Montoro # # Network Services Center # # rodrigo@nscenter.com.br # # Sao Paulo - SP - Brazil # #=============================#
-- To unsubscribe, e-mail: suse-security-unsubscribe@suse.com For additional commands, e-mail: suse-security-help@suse.com
-- #=============================# # Rodrigo Ribeiro Montoro # # Network Services Center # # rodrigo@nscenter.com.br # # http://www.nscenter.com.br # # Tel:(11)3271-0909 # # Cel:(11)9771-0133 # # Sao Paulo - SP # #=============================#
-- To unsubscribe, e-mail: suse-security-unsubscribe@suse.com For additional commands, e-mail: suse-security-help@suse.com
Hi, to prevent some public avialable exploit Roman suggests to execute on SuSE 7.1 and 7.2 machines with package pcp installed (check with rpm -q pcp) the following command as root: chmod a-s /usr/share/pcp/bin/* or deinstall the package if not needed (rpm -e pcp). oki, Steffen -- Dieses Schreiben wurde maschinell erstellt, es trägt daher weder Unterschrift noch Siegel.
Hi,
to prevent some public avialable exploit Roman suggests to execute on SuSE 7.1 and 7.2 machines with package pcp installed (check with rpm -q pcp) the following command as root:
chmod a-s /usr/share/pcp/bin/*
or deinstall the package if not needed (rpm -e pcp).
Thanks, Steffen. The update packages are on their way to the ftp server (should be there already). I think we'll see an announcement soon. This suid bit is a complete joke. Embarrassing...
oki,
Steffen
Thanks,
Roman.
--
- -
| Roman Drahtmüller
participants (5)
-
dany allard -
Philipp Snizek -
Roman Drahtmueller -
Sp0oKeR -
Steffen Dettmer