NetSQUID is a Perl script (daemon) that sits in between Snort and IPTables. It gathers alerts generated by Snort, then automatically creates an IPTables firewall entry to block the alerting host (such as those infected by viruses).
This project is a way to dynamically block hosts that are infected with some kind of virus or are in violation of a policy (scanning/hacking/etc.). However that's not where it stops.
It can not only detect and quarantine infected hosts, it can also notify the infected host/user that they are in violation of something.
It's basically a simple/easy way to take a great IDS (Intrusion Detection System) like Snort and transform it into an IPS (Intrusion Prevention System).
The main goals were:
1. Low administration
2. Easy to deploy
3. Effective
4. Usable in a wide variety of environments
5. Low cost
Product's homepage
Find us on Google+
