This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Feature request: snortsam or equivalant

there have been a couple of threads discussing this but so the interest does not get lost.

The current IDS implementation in Astaro 5.x drops individual packets that trip one of the snort traps.

A feature that would allow adding the IP addresses of the source of these tripped packets to a block list would be an excellent feature.

All of these functions are already developed in the GPL project snortsam. It also intelegently handles rollback, whitelists etc etc.

This would be an excellent feature IMHO as from my tests (on another firewall) it reduces the IDS alarm count by 90%+ and reduces logs and CPU load as a consequence

www.snortsam.net

This thread was automatically locked due to age.

0 PenTest over 21 years ago in reply to Markus Hennig

Markus,

thanks very much for taking the ime to respond. I am quite new here and have not managed to catch up on my back reading so appologies.

I totally understand why you cannot and will not ever comment on feature requests. It would be folly to give competitors (if you have any [;)].

I have some other ideas based on firewalls I have worked on both GPL and commercail in the past shortcomings and benefits.

I'll post them as they come up for Astaro to ponder at their discretion.

Kudos

mark
Cancel
Vote Up 0 Vote Down

Cancel