I prepared a SNORT rule to drop traffic that looks like DoS tool patterns, and the rule is working fine. Can you tell me how long after the rule matches the FW will send the IPs attacking the network?
Or is there a way to specify in the Snort rule whether to send to SAM or not?
Because I know that for snort there is snortsam a plugin for snort:
SnortSam is a plugin for Snort, an open-source light-weight Intrusion Detection System (IDS). The plugin allows for automated blocking of IP addresses on following firewalls:
- Checkpoint Firewall-1
- Cisco PIX firewalls
- Cisco Routers (using ACL's or Null-Routes)
- Former Netscreen, now Juniper firewalls
- IP Filter (ipf), available for various Unix-like OS'es such as FreeBSD
- FreeBSD's ipfw2 (in 5.x)
- OpenBSD's Packet Filter (pf)
- Linux IPchains
- Linux IPtables
- Linux EBtables
- WatchGuard Firebox firewalls
- 8signs firewalls for Windows
- MS ISA Server firewall/proxy for Windows
- CHX packet filter
- Ali Basel's Tracker SNMP through the SNMP-Interface-down plugin
- ...and more to come...
Is there any kind of plugin or feature for the R77.30 FW/IPS?
Thank you very much in advance.