-----Original Message-----
Subject: [Snort-users] Compiling snort for CheckPoint Firewall-1 support
i would like to test snort 2.4.4 release with CheckPoint fw-1 (NGR55 and
NGX) and in-line > (snort-inline.sf.net) support. I have used snortsam last
months, but I need a real IPS now
thath sends commands to my firewalls and blocks traffic. How can I compile
snort for fw1 ?
support???
You can't build Snort with FW-1 specific support like you can with
RealSecure or other commercial products that have OPSEC(tm) support.
However, you can build Snort with flexible response (configure
--enable-flexresp && make) and then Snort can send TCP RST or ICMP
unreachable packets to both attacker and target which will shut down the
connection.
One tip with using TCP RST and FW-1: you will probably want to place the
Snort sensor on the VLAN immediately inside the firewall and disable
spoofing protection on the inside interface. Otherwise FW-1 is prone to
dropping the TCP RST packets and leaving connections in the state table that
you want killed.
PaulM
-------------------------------------------------------
Using Tomcat but need to do more? Need to support web services, security?
Get stuff done quickly with pre-integrated technology to make your job easier
Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo
http://sel.as-us.falkag.net/sel?cmd=lnk&kid=120709&bid=263057&dat=121642
_______________________________________________
Snort-users mailing list
Snort-users@lists.sourceforge.net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
