Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
New Member

Integrating Pix with Snort?

Hello,

Just to check, anyone here integrate Pix with Snort before? For example, when Snort detect something fishy about a remote IP address, it will automatically send an alert to Pix and Pix will automatically generate an access-list to block off that IP address. I suppose this require some scripts on both Snort machine and Pix?

Any idea? Thanks

3 REPLIES

Re: Integrating Pix with Snort?

This requires a Script on Snort, but this is quiet dangerous.

What would happen if I spoof your outside IP as SRC IP in a forget packet or one of your clients IP....

sincerely

Patrick

New Member

Re: Integrating Pix with Snort?

"spoof your outside IP as SRC IP in a forget packet or one of your clients IP"?? I don't really get it.

Re: Integrating Pix with Snort?

Blocking connections on a Router or PIX with an IDS is a time consuming and dangerous task. You need to be sure that you block the right Source IP.

It is always possible to create with hacker tools an attack on which you change the Source IP Address and attack your system. This often the case for DOS Denial of Service even for TCP.

IDS - Inrusion Detection systems are now replaced by Intrusion Prevention Systems which are connected inline as a Router with 2 interfaces. This allows to block traffic in real-time.

sincerely

Patrick

323
Views
0
Helpful
3
Replies
CreatePlease to create content