[prev in list] [next in list] [prev in thread] [next in thread] 

List:       sidewinder
Subject:    Re: [Sidewinder] StrikeBack
From:       sidewinder-admin () adeptech ! com
Date:       2004-01-26 18:03:07
Message-ID: 200401262047.i0QKlCk29741 () aag ! adeptech ! com
[Download RAW message or body]

Depending on your situation, configuration and requirements you could look
into adding an ignore rule(s) to auditbotd.conf.

Andy

On Mon, 26 Jan 2004 sidewinder-admin@adeptech.com wrote:

> Date: Mon, 26 Jan 2004 10:40:08 -0600
> From: sidewinder-admin@adeptech.com
> Reply-To: sidewinder@adeptech.com
> To: sidewinder@adeptech.com
> Subject: Re: [Sidewinder] StrikeBack
>
> The audit filters used by the auditbot to drive strikeback are all in the
> file /etc/sidewinder/audit_filters.conf.  The syntax is described in the
> sacap_filter man page, and is a lot like tcpdump.  If, for example, you
> were talking about the netprobe filter, which looks like "type
> AUDIT_T_NETPROBE" to start with, you could just change it to "type
> AUDIT_T_NETPROBE and not src_ip 192.168.1.0/24".
>
> -dave
>
> --On Monday, January 26, 2004 11:00 AM -0500
> sidewinder-admin@adeptech.com wrote:
>
> > Anyone has a quick an easy way to prevent strikeback from happening on
> > an inside burb with Sidewinder G2? For example, do not strikeback if
> > source IP is 192.168.1.0/24 ?
> >
> > Thanks
> >
> >
> > _______________________________________________
> > Sidewinder mailing list
> > Sidewinder@adeptech.com
> > http://mail.adeptech.com/mailman/listinfo/sidewinder
>
> Dave Diehl
> Principal Engineer
>
> Secure Computing
> Securing connections between people, applications, and networks(tm)
> www.securecomputing.com
> NASDAQ: SCUR
>
> Dave_Diehl@securecomputing.com
> _______________________________________________
> Sidewinder mailing list
> Sidewinder@adeptech.com
> http://mail.adeptech.com/mailman/listinfo/sidewinder
>

_______________________________________________
Sidewinder mailing list
Sidewinder@adeptech.com
http://mail.adeptech.com/mailman/listinfo/sidewinder
[prev in list] [next in list] [prev in thread] [next in thread]

Configure | About | News | Add a list | Sponsored by KoreLogic