Snortsam - A Firewall Blocking Agent for Snort


About | News | Download | Documentation | Mail List

Welcome to SnortSam

SnortSam is a plugin for Snort™, an open-source light-weight Intrusion Detection System (IDS). The plugin allows for automated blocking of IP addresses on following firewalls:

SnortSam has also been integrated with Sagan, which is a log analysis engine developed by Champ Clark. The Snortsam Output Plugin and related files (header, Twofish) are available at the Sagan GitHub repository.

SnortSam itself consists of two pieces -- the output plugin within Snort™ and an intelligent agent that runs on the firewall, or a host near the firewall. The agent provides a variety of capabilities that go beyond other automated blocking mechanisms, such as:

SnortSam is open-source software, free of charge. It can be compiled under any platform and should function across different platforms (please let me know if you encounter any problems). SnortSam can be obtained through web download, FTP download, or CVS access. Links are provided in the download section.



© Copyright 2001-2014 Frank Knobbe. All rights reserved.
Snort and Sourcefire are registered trademarks of Sourcefire, Inc.