Great tip, Frank! Good stuff. Using snortsam, it should be pretty easy to get OSSIM to display the current status of applied ACLs (active / removed) to routers and firewalls.
Thanks again!

--
Craig Rodenberg, GIAC Director, Information Security Red Plaid Hosting

On 9/22/05, Frank Knobbe <[EMAIL PROTECTED]> wrote:
> On Wed, 2005-09-21 at 13:49 -0500, Craig Rodenberg wrote:
> > The Cisco ACL creation and PIX firewall rule insertion features are
> > what I spent the most time on. The basic functionality for attack
> > blocking is already there, but you'll want to make sure that a DDoS
> > attack (or other spoofed attack) does not cause you to ACL / firewall
> > your network against the entire internet.
>
> > OSSIM and AAnval seem to be the best "free" NETSEC tools right now.
>
> You might want to check out SnortSAM at http://www.snortsam.net.
>
> Cheers,
> Frank
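The caution quoted above, that spoofed or DDoS traffic must not drive automated blocking into ACLing off the whole internet, can be enforced with a guard in front of whatever pushes the ACL. The sketch below is an added example, not code from this thread, OSSIM or SnortSAM; the class name, decision strings, thresholds and addresses are all constructed for illustration.

```python
import ipaddress
from collections import deque

class BlockGuard:
    """Gate between IDS alerts and automatic ACL / firewall inserts (hypothetical helper)."""

    def __init__(self, never_block, max_new_blocks, window_s):
        self.never_block = [ipaddress.ip_network(n) for n in never_block]
        self.max_new_blocks = max_new_blocks  # new blocks allowed per window
        self.window_s = window_s
        self.recent = deque()   # timestamps of blocks granted inside the window
        self.blocked = set()
        self.tripped = False    # latched once a flood of new sources is seen

    def decide(self, src, now):
        ip = ipaddress.ip_address(src)
        # Sources that must stay reachable (own ranges, DNS, upstreams).
        if any(ip in net for net in self.never_block):
            return "skip:never-block"
        if ip in self.blocked:
            return "skip:already-blocked"
        # Drop timestamps that have aged out of the sliding window.
        while self.recent and now - self.recent[0] > self.window_s:
            self.recent.popleft()
        # Many distinct new sources at once looks like spoofing: stop
        # auto-blocking and hold for an operator instead of growing the ACL.
        if self.tripped or len(self.recent) >= self.max_new_blocks:
            self.tripped = True
            return "hold:flood"
        self.recent.append(now)
        self.blocked.add(ip)
        return "block"

    def reset(self):
        """Operator has reviewed the held alerts; resume automatic blocking."""
        self.tripped = False

# Constructed alert stream: (seconds, source address), documentation ranges only.
SAMPLE_ALERTS = [(0, "198.51.100.7"), (1, "192.0.2.53"), (2, "198.51.100.7"),
                 (3, "203.0.113.1"), (4, "203.0.113.2"), (5, "203.0.113.3"),
                 (200, "203.0.113.4")]

def run(alerts, guard):
    return [guard.decide(src, t) for t, src in alerts]

if __name__ == "__main__":
    g = BlockGuard(["192.0.2.0/24"], max_new_blocks=3, window_s=60)
    for alert, decision in zip(SAMPLE_ALERTS, run(SAMPLE_ALERTS, g)):
        print(alert, decision)
```

The latch is deliberate: once the limit trips, nothing new is blocked until `reset()` is called, so a sustained spoofed flood cannot resume filling the ACL when the window slides forward.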
