'Re: [Snort-sigs] snortsam agent doesn't block ip in external firewall'

[prev in list] [next in list] [prev in thread] [next in thread] 

List:       snort-sigs
Subject:    Re: [Snort-sigs] snortsam agent doesn't block ip in external	firewall
From:       "Al Lewis (allewi)" <allewi () cisco ! com>
Date:       2015-04-28 11:31:56
Message-ID: 789F50FCB3014340B798E7CD25851FBE16ECE391 () xmb-rcd-x10 ! cisco ! com
[Download RAW message or body]

Is there a specific reason why you are using Snortsam? Seems like it is giving you a \
bunch of problems for something that snort does pretty easily standalone. 

Albert Lewis
QA Software Engineer
SOURCEfire, Inc. now part of Cisco
9780 Patuxent Woods Drive
Columbia, MD 21046 
Phone: (office) 443.430.7112
Email: allewi@cisco.com 

-----Original Message-----
From: stephane.nasdrovisky@paradigmo.com [mailto:stephane.nasdrovisky@paradigmo.com] 
Sent: Tuesday, April 28, 2015 3:13 AM
To: Daniel Lopez; Snort-sigs@lists.sourceforge.net
Subject: Re: [Snort-sigs] snortsam agent doesn't block ip in external firewall

port 18183 looks like a checkpoint (firewall-1 producer) port. I don’t know snortsam, \
but snortsam and checkpoint tells me something.

http://platforms.infostruction.com/common-checkpoint-firewall-ports/ tells:
18183 /tcp FW1_sam Check Point OPSEC Suspicious Activity Monitor API

snortsam.conf hints:
remove any opsec line
add a iptables line

have a look at
http://doc.emergingthreats.net/bin/view/Main/SnortSamREADMEconf

isn’t a snortsam agent needed on your firewall?
isn’t snortsam outdated??

Subject: [Snort-sigs] snortsam agent doesn't block ip in external firewall

[SAM] Could not connect to (PC3addr):18183! 


------------------------------------------------------------------------------
One dashboard for servers and applications across Physical-Virtual-Cloud Widest \
out-of-the-box monitoring support with 50+ applications Performance metrics, stats \
and reports that give you Actionable Insights Deep dive visibility with transaction \
tracing using APM Insight. http://ad.doubleclick.net/ddm/clk/290420510;117567292;y
_______________________________________________
Snort-sigs mailing list
Snort-sigs@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/snort-sigs
http://www.snort.org


Please visit http://blog.snort.org for the latest news about Snort!
------------------------------------------------------------------------------
One dashboard for servers and applications across Physical-Virtual-Cloud 
Widest out-of-the-box monitoring support with 50+ applications
Performance metrics, stats and reports that give you Actionable Insights
Deep dive visibility with transaction tracing using APM Insight.
http://ad.doubleclick.net/ddm/clk/290420510;117567292;y
_______________________________________________
Snort-sigs mailing list
Snort-sigs@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/snort-sigs
http://www.snort.org


Please visit http://blog.snort.org for the latest news about Snort!


[prev in list] [next in list] [prev in thread] [next in thread]
Configure | About | News | Add a list | Sponsored by KoreLogic