Network Security Hacks by Andrew Lockhart

Automated Dynamic Firewalling with SnortSam

Use SnortSam to prevent intrusions by putting dynamic firewall rules in place to stop in-progress attacks.

An alternative to running Snort on your firewall and having it activate filtering rules on the machine it’s running on [Hack #87] is to have Snort tell an external firewall which filtering rules to put in place when an intrusion is detected. To do this, you can use SnortSam (http://www.snortsam.net).

SnortSam uses Snort’s plug-in architecture and extends Snort with the ability to notify a remote firewall, which then dynamically applies filtering rules to stop attacks that are in progress. Unlike Snort_inline, which is highly dependent on Linux, SnortSam supports a wide variety of firewalls, such as Checkpoint, Cisco, Netscreen, Firebox, OpenBSD’s pf, and even Linux’s ipchains and iptables interfaces to Netfilter. SnortSam is made up of two components, a Snort plug-in and a daemon.

To set up SnortSam, first download the source distribution and then unpack it. After you’ve done that, go into the directory it created and run this command:

$ sh makesnortsam.sh

This will build the snortsam binary, which you can then copy to a suitable place in your path (e.g., /usr/bin or /usr/local/bin).

Now download the patch for Snort, which you can get from the same site as SnortSam. After you’ve done that, unpack it:

$ tar xvfz snortsam-patch.tar.gz
NOTE
patchsnort.sh
patchsnort.sh.asc
snortpatch8
snortpatch8.asc
snortpatch9
snortpatch9.asc
...
