Automated Dynamic Firewalling with SnortSam
Use SnortSam to prevent intrusions by putting dynamic firewall rules in place to stop in-progress attacks.
An alternative to running Snort on your firewall and having it activate filtering rules on the machine it’s running on [Hack #87] is to have Snort tell an external firewall which filtering rules to put in place when an intrusion is detected. To do this, you can use SnortSam (http://www.snortsam.net).
SnortSam uses Snort’s plug-in architecture and extends Snort with the ability to notify a remote firewall, which then dynamically applies filtering rules to stop attacks that are in progress. Unlike Snort_inline, which is highly dependent on Linux, SnortSam supports a wide variety of firewalls, such as Checkpoint, Cisco, Netscreen, Firebox, OpenBSD’s pf, and even Linux’s ipchains and iptables interfaces to Netfilter. SnortSam is made up of two components, a Snort plug-in and a daemon.
To set up SnortSam, first download the source distribution and then unpack it. After you’ve done that, go into the directory it created and run this command:
$ sh makesnortsam.sh
This will build the snortsam binary, which you can then copy to a suitable place in your path (e.g., /usr/bin or /usr/local/bin).
Now download the patch for Snort, which you can get from the same site as SnortSam. After you’ve done that, unpack it:
$ tar xvfz snortsam-patch.tar.gz
NOTE
patchsnort.sh
patchsnort.sh.asc
snortpatch8
snortpatch8.asc
snortpatch9
snortpatch9.asc
...
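The build-and-patch steps above, collected into a checked POSIX shell script. This is an added example, not code from the book or the SnortSam project. It assumes that makesnortsam.sh leaves the built binary at ./snortsam in the source directory and that both tarballs are already downloaded (the paths and names passed to the functions are placeholders). It also adds one check the text does not spell out: every file in the patch tarball listing ships with a detached .asc signature, so the script names any patch file that lacks one and refuses to go on to patching in that case.

```shell
#!/bin/sh
# Added example, not from the book or the SnortSam project: wraps the build,
# install and patch-unpacking steps in checked shell functions.
# Assumptions (placeholders, not documented on the page): makesnortsam.sh
# leaves the binary at ./snortsam, and the patch tarball is already downloaded.
set -eu

# Copy a built binary into a directory and confirm the shell resolves it
# from PATH (the "copy to /usr/bin or /usr/local/bin" step).
install_binary() {
    bin="$1"; dest="$2"
    [ -x "$bin" ] || { echo "not executable: $bin" >&2; return 1; }
    mkdir -p "$dest"
    cp "$bin" "$dest/"
    case ":$PATH:" in
        *":$dest:"*) ;;
        *) echo "warning: $dest is not in PATH" >&2 ;;
    esac
    command -v "$(basename "$bin")" >/dev/null
}

# Every file in the patch tarball ships with a detached .asc signature.
# Print the name of each file in DIR that lacks one (excluding any names
# given as extra arguments, e.g. a plain-text NOTE file) and return 1 if
# any were found, so the caller can refuse to apply unsigned patch code.
unsigned_patch_files() {
    dir="$1"; shift
    skip=" ${*:-} "; missing=0
    for f in "$dir"/*; do
        [ -f "$f" ] || continue
        name=$(basename "$f")
        case "$name" in *.asc) continue ;; esac
        case "$skip" in *" $name "*) continue ;; esac
        if [ ! -f "$f.asc" ]; then
            echo "$name"
            missing=1
        fi
    done
    return "$missing"
}

# The full procedure from the text: build, install, unpack the patch, and
# stop before patching if any patch file arrived unsigned.
build_and_patch() {
    src="$1"; patch_tgz="$2"; dest="$3"
    (cd "$src" && sh makesnortsam.sh)
    install_binary "$src/snortsam" "$dest"
    mkdir -p patch
    tar xzf "$patch_tgz" -C patch
    if ! unsigned_patch_files patch NOTE; then
        echo "refusing to patch: unsigned files listed above" >&2
        return 1
    fi
    # Signature verification itself (gpg --verify FILE.asc FILE, with the
    # SnortSam signing key imported) is the next step before running
    # patchsnort.sh; it is left out here so the script stays offline.
}
```

Run it as `build_and_patch ./snortsam-src ./snortsam-patch.tar.gz /usr/local/bin` from a shell that has sourced the file. The NOTE entry in the listing above has no .asc companion, which is why it is passed as an allowed exception; patchsnort.sh and the snortpatch files are the ones that get executed or applied, so those are the ones that must arrive signed.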