[ossec-list] Re: Anyone suggest windows Firewall works with ossec?
- To: ossec-list@xxxxxxxxxxxxxxxx
- Subject: [ossec-list] Re: Anyone suggest windows Firewall works with ossec?
- From: MdMonk <mdmonk@xxxxxxxxx>
- Date: Thu, 5 Jul 2007 08:03:10 -0600
John-
Send your ideas, or even better, code samples/snippets to the list or
drop in #ossec on irc.freenode.net. We can bounce ideas off each other
and I'm sure we can come up with a solution or at least the start of
one.
Anything I would code up would be hacked-together scripts as well. So
at least you are in good company John! :)
-Chuck (MdMonk)
On 7/4/07, John Ives <jives@xxxxxxxxxxxxxxxxxxxxx> wrote:
>
>
>
> Actually, my thoughts on active response for windows were just part of a
> number of thoughts I have had recently on active response and ways to
> utilize it more.
>
> I have ideas on how I could add this functionality for windows, but I
> would be the first to admit that anything I write would be a hack and
> would probably include a combination of perl scripts and netcat. :)
>
> John
>
> -------------------------------------------------------------------------
> John Ives Phone (510) 642-7773
> System & Network Security Cell (510) 229-8676
> University of California, Berkeley
> -------------------------------------------------------------------------
>
> On Wed, 4 Jul 2007, deltamails@xxxxxxxxx wrote:
>
> >
> > John,
> > Windows version of OSSEC is like read-only mode. It cannot do something like
> > active response, which is possible in the Linux edition. But Windows is more
> > vulnerable to brute force and other attacks.
> > If some firewall and ossec can be married together then it makes a perfect
> > combination. Right now ossec on windows is just reading the logs and sending
> > alerts.
> > If anyone has any idea how to implement this then please suggest.
> >
> > Regards,
> > DM
> >
> >
> > ----- Original Message -----
> > From: "John Ives" <jives@xxxxxxxxxxxxxxxxxxxxx>
> > To: <ossec-list@xxxxxxxxxxxxxxxx>
> > Sent: Wednesday, July 04, 2007 12:34 AM
> > Subject: [ossec-list] Re: Anyone suggest windows Firewall works with ossec?
> >
> >
> >>
> >> MdMonk wrote:
> >>> There's talk of how to implement active-response on Microsoft Windows
> >>> systems. Something I had brought up was to use the "netsh" command.
> >>>
> >>> -Chuck (MdMonk)
> >>>
> >>> On 7/4/07, deltamails@xxxxxxxxx <deltamails@xxxxxxxxx> wrote:
> >>>
> >>>> Can anyone suggest windows firewall that works with ossec?
> >>>>
> >>>> Regards,
> >>>> DM
> >>>>
> >>
> >> I have been considering this as well lately and feel that using netsh to
> >> manipulate the IPSec filters would be the best bet. My concern has been
> >> how to write a script that could be used in multiple environments.
> >> Since only one IPSec policy can be applied at a time, I would guess that
> >> a config file would be necessary so that admins could set the policy to
> >> use along with any other settings.
> >>
> >> John
> >>
> >> --
> >> -------------------------------------------------------------------------
> >> John Ives Phone (510) 642-7773
> >> System & Network Security Cell (510) 229-8676
> >> University of California, Berkeley
> >> -------------------------------------------------------------------------
> >>
> >>
> >
> >
>
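
An added example, not code from this thread or from the OSSEC project, sketching the idea in John's earlier message: a config file names the IPSec filter list to use, and the responder turns an alert's source IP into a `netsh ipsec static` call. The filter list name, the `never_block` setting and the add/delete action names are assumptions; the filter list is assumed to be bound already to a blocking rule in the one assigned policy, and only IPv4 is handled.

```python
import configparser
import ipaddress

# Constructed sample config (names are hypothetical): the admin points the
# script at a filter list that their assigned IPSec policy already blocks.
SAMPLE_CONFIG = """
[ipsec]
filterlist = OSSEC-Blocked
never_block = 127.0.0.0/8, 10.0.0.0/8
"""

def load_settings(text):
    """Return (filter list name, networks that must never be blocked)."""
    cp = configparser.ConfigParser()
    cp.read_string(text)
    sec = cp["ipsec"]
    nets = [ipaddress.ip_network(n.strip()) for n in sec["never_block"].split(",")]
    return sec["filterlist"], nets

def build_netsh_args(action, srcip, config_text=SAMPLE_CONFIG):
    """Return the netsh argv for an 'add' or 'delete' response, or raise ValueError."""
    if action not in ("add", "delete"):
        raise ValueError("unsupported action: %r" % (action,))
    # Parse strictly: text taken from a log line must never be able to
    # smuggle extra netsh arguments into the command.
    try:
        addr = ipaddress.IPv4Address(srcip)
    except ipaddress.AddressValueError:
        raise ValueError("not an IPv4 address: %r" % (srcip,))
    filterlist, never_block = load_settings(config_text)
    # Refuse to lock out management or internal ranges the admin listed.
    if any(addr in net for net in never_block):
        raise ValueError("%s is in a never_block range" % addr)
    args = ["netsh", "ipsec", "static", action, "filter",
            "filterlist=" + filterlist, "srcaddr=" + str(addr), "dstaddr=Me"]
    if action == "add":
        args.append("description=ossec-active-response")
    return args

if __name__ == "__main__":
    # The returned list is an argv, not a shell string; the caller on the
    # Windows agent would hand it to a process-spawning call unchanged.
    print(build_netsh_args("add", "203.0.113.45"))
```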
OSSEC project: www.ossec.net.
Mailing list information: http://www.ossec.net/en/mailing_lists.html.