NetSQUID
NetSQUID is a Perl script (daemon) that sits in between Snort and IPTables. It gathers alerts generated by Snort, then automatically creates an IPTables firewall entry to block the alerting host (such as those infected by viruses). Web traffic is redirected to a Web server that can alert the user to the infection. The host is automatically unblocked after a specified time. It can also send DHCP address requests, so rogue DHCP servers can be detected by Snort.
| Tags | Networking Firewalls Security Monitoring |
|---|---|
| Licenses | Other |
| Operating Systems | POSIX Linux |
Recent releases
- 09 Aug 2004 13:23
Changes: Some code cleanup, and minor bugfixes. Adding of previously blocked IPs was fixed. The way HTTP traffic is allowed to specific hosts (NAT rules) has been fixed, which also means you cannot redirect to more than one host now.
- 03 Aug 2004 10:45
Changes: The ability to allow for a 'pass through' HTTP server was added, so that all port 80 traffic will be redirected except to a specified server (perhaps a patch server or similar). Also, any IPs specified in either the DNS section or the HTTP section of the config file are automatically added to the exclude list, so they will not be blocked for any alert generated by them.
- 14 Jul 2004 16:49
Changes: There are a few minor changes and some code cleanup. DNS rules to also allow TCP for things like zone transfers and hosts with large DNS records have been added.
- 30 Jun 2004 13:49
Changes: The ability to keep state on a restart has been added, so currently blocked hosts will get re-blocked after the daemon is restarted. There is some more code cleanup and an updated documentation/install script, and a startup script has been added.
- 10 Jun 2004 23:06
Changes: This version added blocks for a specific classification type and network (CIDR) support to the exclude file. A config file option for specifying the location of sendmail was added along with code cleanups, bugfixes, more documentation, and fixes for the install script.
