Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
755
Views
0
Helpful
3
Replies

Integrating Pix with Snort?

kengyiam
Level 1
Level 1

‎02-22-2006 05:17 PM - edited ‎02-21-2020 12:43 AM

Hello,

Just to check, anyone here integrate Pix with Snort before? For example, when Snort detect something fishy about a remote IP address, it will automatically send an alert to Pix and Pix will automatically generate an access-list to block off that IP address. I suppose this require some scripts on both Snort machine and Pix?

Any idea? Thanks

0 Helpful
3 Replies 3

Patrick Iseli
Level 7
Level 7

‎02-22-2006 05:52 PM

This requires a Script on Snort, but this is quiet dangerous.

What would happen if I spoof your outside IP as SRC IP in a forget packet or one of your clients IP....

sincerely

Patrick

0 Helpful

kengyiam
Level 1
Level 1
In response to Patrick Iseli

‎02-22-2006 09:48 PM

"spoof your outside IP as SRC IP in a forget packet or one of your clients IP"?? I don't really get it.

0 Helpful

Patrick Iseli
Level 7
Level 7
In response to kengyiam

‎02-23-2006 05:36 AM

Blocking connections on a Router or PIX with an IDS is a time consuming and dangerous task. You need to be sure that you block the right Source IP.

It is always possible to create with hacker tools an attack on which you change the Source IP Address and attack your system. This often the case for DOS Denial of Service even for TCP.

IDS - Inrusion Detection systems are now replaced by Intrusion Prevention Systems which are connected inline as a Router with 2 interfaces. This allows to block traffic in real-time.

sincerely

Patrick

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card