
Intrusion Detection with Snort by Jack Koziol


SnortSam

SnortSam is an intrusion prevention plugin for Snort. It works by adding a new response to a Snort rule, which allows the rule to trigger a change to a firewall or router. The change is usually to block or disallow traffic from or to a particular IP address for a period of time. SnortSam works with the Check Point FireWall-1 and Cisco PIX brands of firewalls. It also works with most Cisco-brand routers.

The idea behind implementing SnortSam is that you can detect the early phases or components of an attack and respond automatically before the attacker can complete it. Reconnaissance attacks are one example: if Snort detects a zone transfer attempt against a DNS server from an untrusted source, a blocking request ...
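The zone transfer case above, written out as configuration. This is an added example, not text from the book: it assumes a Snort build patched with the SnortSam output plugin, and the agent address, key, SIDs, content match and 10-minute duration are all constructed values.

```snort
# --- snort.conf -----------------------------------------------------------
# Forward alerts from rules that carry an fwsam option to the SnortSam agent,
# which holds the firewall/router credentials and applies the block.
# 192.0.2.10 and EXAMPLE_KEY are placeholders; 898 is SnortSam's default port.
output alert_fwsam: 192.0.2.10:898/EXAMPLE_KEY

# --- local.rules ----------------------------------------------------------
# Detection only: alert on a TCP zone transfer request (AXFR, query type
# 0x00FC) sent to a DNS server from outside. Shown commented out as the
# "before" form of the rule.
# alert tcp $EXTERNAL_NET any -> $HOME_NET 53 (msg:"DNS zone transfer TCP"; flow:to_server,established; content:"|00 00 FC|"; offset:15; classtype:attempted-recon; sid:1000001; rev:1;)

# Detection plus response: the same match, with the fwsam option added.
#   src        -> block the source address of the packet that fired the rule
#   10 minutes -> the block expires on its own after this period
alert tcp $EXTERNAL_NET any -> $HOME_NET 53 (msg:"DNS zone transfer TCP (auto-block)"; flow:to_server,established; content:"|00 00 FC|"; offset:15; classtype:attempted-recon; sid:1000002; rev:1; fwsam: src, 10 minutes;)
```

Rules without an `fwsam` option keep alerting as before and never cause a block, so the response can be limited to signatures you trust.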
