LinuxQuestions.org
Help answer threads with 0 replies.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices


Reply
  Search this Thread
Old 05-27-2009, 08:11 AM   #1
summersgone
LQ Newbie
 
Registered: Dec 2006
Posts: 29

Rep: Reputation: 15
Question [help] Snort + Guardian


Hi,
I've just currently setup guardian and snort together , so it looks like this :

[attacker's host]--> [snort+guardian]--> [target's host]

Guardian works fine if I used it to proect 1 ip address (on snort+guardian's host). Is it possible to use guardian to protect the target's host ?
When I tried to attack target's host from attacker's host , this is what i got on /var/log/guardian.log :

Quote:
Odd.. source= 192.168.1.4,dest = 192.168.1.7 - No Action Done
FYI : I'm using these scripts to block/unblock :
http://www.chaotic.org/guardian/scri...ables_block.sh
http://www.chaotic.org/guardian/scri...les_unblock.sh

Thankx

Last edited by summersgone; 05-27-2009 at 08:12 AM.
 
Old 05-27-2009, 02:16 PM   #2
unSpawn
Moderator
 
Registered: May 2001
Posts: 29,409
Blog Entries: 55

Rep: Reputation: 3582Reputation: 3582Reputation: 3582Reputation: 3582Reputation: 3582Reputation: 3582Reputation: 3582Reputation: 3582Reputation: 3582Reputation: 3582Reputation: 3582
Looking at the guardian source you see this explained as:
Code:
  # you will see this if the destination was not in the $targethash, and the
  # packet was not ignored before the target check.. 
  else { 
    &write_log ("Odd.. source = $source, dest = $dest - No action done.\n");
so maybe adjust the target hash (see source around line 38 for explanation)?
 
Old 05-27-2009, 10:36 PM   #3
summersgone
LQ Newbie
 
Registered: Dec 2006
Posts: 29

Original Poster
Rep: Reputation: 15
well , thanks unSpawn.
I finally managed it by sending the snort alert (cron) to the target's host , and running the guardian ips from target's host.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
[HELP]SNORT PROBLEMS(IDS)-service snort start JayCool Linux - Software 5 03-15-2009 12:34 PM
snort + Guardian Atrocity Linux - Security 1 06-29-2005 10:48 AM
snort with ipf and guardian SiLiCoN *BSD 0 05-11-2005 06:43 AM
how snort and guardian work together? jarien Linux - Security 2 11-27-2004 08:00 AM
Snort 2.05 and guardian 1.6 problem mikmok Linux - Security 7 12-23-2003 10:45 AM

LinuxQuestions.org > Forums > Linux Forums > Linux - Security

All times are GMT -5. The time now is 01:15 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration