List: snort-sigs
Subject: Re: [Snort-sigs] snortsam agent doesn't block ip in external firewall
From: "Al Lewis (allewi)" <allewi () cisco ! com>
Date: 2015-04-28 11:31:56
Message-ID: 789F50FCB3014340B798E7CD25851FBE16ECE391 () xmb-rcd-x10 ! cisco ! com
Is there a specific reason why you are using Snortsam? Seems like it is giving you a
bunch of problems for something that snort does pretty easily standalone.
Albert Lewis
QA Software Engineer
SOURCEfire, Inc. now part of Cisco
9780 Patuxent Woods Drive
Columbia, MD 21046
Phone: (office) 443.430.7112
Email: allewi@cisco.com
-----Original Message-----
From: stephane.nasdrovisky@paradigmo.com [mailto:stephane.nasdrovisky@paradigmo.com]
Sent: Tuesday, April 28, 2015 3:13 AM
To: Daniel Lopez; Snort-sigs@lists.sourceforge.net
Subject: Re: [Snort-sigs] snortsam agent doesn't block ip in external firewall
Port 18183 looks like a checkpoint (firewall-1 producer) port. I don’t know snortsam,
but snortsam and checkpoint tell me something.
http://platforms.infostruction.com/common-checkpoint-firewall-ports/ tells:
18183 /tcp FW1_sam Check Point OPSEC Suspicious Activity Monitor API
snortsam.conf hints:
remove any opsec line
add an iptables line
have a look at
http://doc.emergingthreats.net/bin/view/Main/SnortSamREADMEconf
isn’t a snortsam agent needed on your firewall?
isn’t snortsam outdated??
Subject: [Snort-sigs] snortsam agent doesn't block ip in external firewall
[SAM] Could not connect to (PC3addr):18183!
_______________________________________________
Snort-sigs mailing list
Snort-sigs@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/snort-sigs
http://www.snort.org
Please visit http://blog.snort.org for the latest news about Snort!