On 4/5/07, Lang, Robert <Robert.Lang@suny.edu> wrote:
> Has anyone had any luck getting rule blocking working with Snortsam and
> a Cisco ASA? It works like a charm with our Watchguard Firewall, but
> with our PIX/ASA I always get a message that says "Error: [pix] Did not
> receive a response waiting for logon prompt from PIX at x.x.x.x".
Using telnet to manage firewalls? Tsk-tsk. :-)
The problem is either that:
1) Cisco routers and firewalls by default skip the standard "login:"
prompt most telnet servers offer up and go right to "Password:" Use
the 'pix' directive in your snortsam conf file instead:
pix 10.0.0.1 [telnetpass] [enablesecret] [config]
2) You *are* using the pix directive and you have AAA user
authentication turned on on the PIX and it *is* generating a "login:"
prompt. Use:
pix 10.0.0.1 [user]/[password] [enablesecret] [config]
Seriously, though, I would consider building Snort with flexresp and
modifying those rules that pertain to you to fire off ICMP type 3 or
TCP RST packets that will cause whatever firewall to drop the
connection. Then you can turn telnet off. :-)
PaulM
-------------------------------------------------------------------------
Take Surveys. Earn Cash. Influence the Future of IT
Join SourceForge.net's Techsay panel and you'll get the chance to share your
opinions on IT & business topics through brief surveys-and earn cash
http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV
_______________________________________________
Snort-users mailing list
Snort-users@lists.sourceforge.net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
|