Yeah, you are absolutely right, it's an IDS. But Snort listens based on the rules that you generate (kinda like iptables), and it can pass on any of the information it gathers to anywhere that you want. It could send the IPs of "bad guys" to a box on your network that blocks them, for example. You can even configure Snort to have an IP blocked for, say, an hour. Or configure Snort to make sure traffic from certain boxes never gets blocked.
m3m3tic
I understand that, but it would usually send it to...iptables...and since he is looking for an iptables-ish FW for Windows an assumption can be made that using Snort with iptables doesn't really accomplish what he is looking for.
"I understand that, but it would usually send it to...iptables..."
Really? I know plenty of people who do what I spoke of and never send it to iptables, or ipchains either. Sure, many people probably do as well. So?
"and since he is looking for an iptables-ish FW for Windows an assumption can be made that using Snort with iptables doesn't really accomplish what he is looking for."
Who said anything about sending it to iptables??? Didn't you ever hear, to assume is to make an ass out of you and me? Haha.
Using Snort (on Windows) with whatever he wants to combine it with (on Windows) is the only thing I can think of that will get him something like iptables. I was even willing to provide him with some links for support, if he decided to try it.
What's your suggestion?
m3m3tic
Ok, he has to send it to SOMETHING iptables-ish...what are YOU suggesting he combine it with? Does it have a GUI? Which is what he is asking for. What are these friends of yours using? Answering THAT will probably give him the answer he wants. It's time to put up or shut up. Either answer the question he originally asked, and Snort isn't the answer, or shut the fuck up.
It's a plugin for Snort that gives it better functionality and will allow it to be used with many different firewalls (Chris> I don't know which ones use iptables and which ones don't, but I think most of them come with a GUI). I personally like Rusty's suggestion, especially if you're using it at home - much cheaper than buying another box. The snortsam/snort/hardware firewall option can be very expensive too; some of the hardware firewalls are around $2500+.
Not to beat a dead horse, but here's a link to a snort firewall gui (oops, I mean IDS):
ZoneAlarm is pretty good. You can create your own expert rules with its "add rule" GUI. It's actually not bad. It's possible to create some pretty complex rule sets based on sources, destinations, protocols, and times, with the ability to enable/disable (without deleting the rule) alert and log. I know you want a GUI, but it's possible to edit the rules with http://architag.com/xray/ (free) or any other editor too. This is handy if you want to add a huge list of banned IPs without typing them one by one. It's also nice because you can create multiple firewall configurations that you can load and unload at will. The free version of zalarm is limited in its ability.
Hope some of this helps,
m3m3tic
p.s. oh, and Chris:
"Ok, he has to send it to SOMETHING iptables-ish..."
Who said anything about "-ish?"
Chris, it burns when you look foolish, doesn't it? I'm still curious to hear what your suggestions are. Do you even have any, or are you here just to troll? I was wondering how you got so many posts. Are they from helping or trolling?
"It's time to put up or shut up."
Maybe it's time for you to take your own advice.
You are a complete retard. I am done with you because English is apparently not your first language.
Oh, and in case you weren't sure, I'm not a Troll...I'm the fucking admin, and you are banned.