Snortsam - A Firewall Blocking Agent for Snort

About | News | Download | Documentation

Welcome to SnortSam (or better, its Memorial Page)

SnortSam was a plugin for Snort™, an open-source light-weight Intrusion Detection System (IDS). The plugin allowed (in the past) for automated blocking of IP addresses on following firewalls:

SnortSam had also been integrated with Sagan, which is a log analysis engine developed by Champ Clark. The Snortsam Output Plugin and related files (header, Twofish) are available at the Sagan GitHub repository.

SnortSam itself consisted of two pieces -- the output plugin within Snort™ and an intelligent agent that ran on the firewall, or a host near the firewall. The agent provideed a variety of capabilities that went beyond other automated blocking mechanisms at its time, such as:

SnortSam is open-source software, free of charge. Back in its day, it could be compiled under any platform and functioned across different platforms. SnortSam can still be obtained through web download, FTP download, or CVS access. Links are still provided in the download section.

SnortSam has not seen any further development for almost a decade. It's been pretty much End-of-Life. However, it still works (I think), and can still be used for its intended purpose. At the very least, it can serve as an educational example of a unique prevention mechanism. (Back in its days, it pioneered the concept of "distributed intrusion prevention". Since those days, "threat intel exchange" had finally become "a thing" and has been used in a variety of products.)

© Copyright 2001-2018 Frank Knobbe. All rights reserved.
Snort and Sourcefire are registered trademarks of Sourcefire, Inc, now Cisco.